Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | mod_http: Clean up redirects handlers for wildcard on http module unload | Kim Alvefur | 2021-12-22 | 1 | -0/+7 |
| | | | | | These would previously be left behind. Probably mostly harmless except for clogging up the `debug:events()` listing in the console. | ||||
* | Fix various spelling errors (thanks codespell) | Kim Alvefur | 2021-07-27 | 1 | -1/+1 |
| | | | | | Also special thanks to timeless, for wordlessly reminding me to check for typos. | ||||
* | mod_http: Consolidate handling of proxied connection details | Kim Alvefur | 2021-02-27 | 1 | -9/+9 |
| | | | | | Trying to move everything relating to proxies and X-Forwarded-Foo into a single place. | ||||
* | net.http.server: Set request.ip so mod_http doesn't have to | Kim Alvefur | 2021-02-27 | 1 | -1/+1 |
| | | | | | | | | Because it already sets request.secure, which depends on the connection, just like the IP, so it makes sense to do both in the same place. Dealing with proxies can be left to mod_http for now, but maybe it could move into some util some day? | ||||
* | Merge 0.11->trunk | Kim Alvefur | 2021-02-27 | 1 | -3/+3 |
|\ | |||||
| * | mod_http: Restore ip field for requests without proxies | Kim Alvefur | 2021-02-27 | 1 | -2/+2 |
| | | | | | | | | | | 8603011e51fe optimized out more than just the loop, leaving the .ip field blank when the request wasn't from a proxy. | ||||
| * | mod_http: Fix trusted proxies check (thanks buildbot) | Kim Alvefur | 2021-02-18 | 1 | -1/+1 |
| | | | | | | | | | | is_trusted_proxy() is only in trunk, I dun goofed when I rebased 8603011e51fe from trunk. | ||||
* | | mod_http: Improve message for missing 'route' | Kim Alvefur | 2021-02-23 | 1 | -1/+1 |
| | | | | | | | | | | This was the late night early draft text, thought I had amended this but apparently I forgot. | ||||
* | | mod_http: Warn if app is missing 'route' | Kim Alvefur | 2021-02-21 | 1 | -1/+7 |
| | | | | | | | | | | | | | | | | | | | | Makes no sense to have a http module with no handlers Would have helped me when I accidentally module:provides("http", { GET = handler; }) | ||||
* | | mod_http: Allow modifying CORS header list via :provides API | Kim Alvefur | 2019-12-30 | 1 | -1/+11 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | E.g. module:provides("http", { cors = { headers = { Accept = true; Expect = false; }; }; route = { ... }; }); Case might be weird. | ||||
* | | mod_http: Allow setting the CORS credentials flag via :provides API | Kim Alvefur | 2019-12-30 | 1 | -1/+9 |
| | | | | | | | | | | | | | | | | | | | | | | E.g. module:provides("http", { cors = { credentials = true; }; route = { ... }; }); | ||||
* | | mod_http: Optimize proxy IP check | Kim Alvefur | 2021-02-18 | 1 | -0/+3 |
| | | | | | | | | | | No need to do a subnet match comparison to see if two IP addresses match exactly. | ||||
* | | mod_http: Consider x-forwarded-proto from trusted proxies | Kim Alvefur | 2021-02-18 | 1 | -0/+4 |
| | | | | | | | | | | | | | | Should be better than setting consider_{bosh,websocket}_secure as that may end up causing actually insecure requests to be considered secure. Doing it here, as with IP, should make this apply to all HTTP modules. | ||||
* | | Merge 0.11->trunk | Kim Alvefur | 2021-02-18 | 1 | -1/+1 |
|\| | |||||
| * | mod_http: Skip IP resolution in non-proxied case | Kim Alvefur | 2021-02-18 | 1 | -1/+1 |
| | | | | | | | | | | Skips doing the whole get_ip_from_request() dance if the request isn't from a proxy at all, even if the client sent the header for some reason. | ||||
* | | mod_http: Silence warnings when running under prosodyctl | Matthew Wild | 2020-09-11 | 1 | -2/+4 |
| | | |||||
* | | mod_http: Add way to signal that a module supports streaming uploads | Kim Alvefur | 2020-08-01 | 1 | -1/+3 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #726 API: module:provides("http", { streaming_uploads = true; route = { PUT = function (event) event.request.body_sink = io.tmpfile(); return true; end } }) | ||||
* | | net.http.parser: Allow specifying sink for large request bodies | Kim Alvefur | 2020-08-01 | 1 | -0/+9 |
| | | | | | | | | | | | | | | This enables uses such as saving uploaded files directly to a file on disk or streaming parsing of payloads. See #726 | ||||
* | | mod_http: Support CIDR for trusted proxies. | Boris Grozev | 2020-06-10 | 1 | -1/+16 |
| | | |||||
* | | mod_http: Tell luacheck to ignore the long comment lines | Kim Alvefur | 2020-05-14 | 1 | -0/+1 |
| | | |||||
* | | mod_http: Add documentation to the non-obvious logic of get_ip_from_request | Jonas Schäfer | 2020-05-14 | 1 | -0/+7 |
| | | | | | | | | Because docs are good. | ||||
* | | mod_net_multiplex: Add support for using ALPN | Kim Alvefur | 2019-11-29 | 1 | -0/+1 |
| | | | | | | | | | | | | | | Potentially a bit more efficient since it can jump to the selected protocol on connect instead of waiting for some data to look at. Adds a 'protocol' field to net providers for this purpose. | ||||
* | | mod_http: Log served URLs at 'info' level | Kim Alvefur | 2019-11-29 | 1 | -1/+1 |
| | | | | | | | | | | | | These are similar to the "activated service" messages from portmanager and similarily useful for the service admin to know even if they're not debugging anything. | ||||
* | | mod_http: Soften dependency on mod_http_errors | Kim Alvefur | 2019-11-16 | 1 | -1/+3 |
| | | | | | | | | | | | | This allows disabling mod_http_errors by adding it to moduless_disabled and ensures mod_http loads even if the error pages aren't as pretty. | ||||
* | | mod_http: Unhook CORS related event handlers | Kim Alvefur | 2019-10-10 | 1 | -3/+10 |
| | | | | | | | | | | | | | | Prevents CORS related handlers from being left over on reload. BC: `mod_http.apps[app_name][event_name]` is now a table instead of the main handler function. | ||||
* | | mod_http: Add support for configuring CORS Access-Control-Allow-Credentials | Matthew Wild | 2019-09-11 | 1 | -2/+6 |
| | | |||||
* | | core.certmanager: Do not ask for client certificates by default | Kim Alvefur | 2019-03-10 | 1 | -3/+0 |
| | | | | | | | | | | | | Since it's mostly only mod_s2s that needs to request client certificates it makes some sense to have mod_s2s ask for this, instead of having eg mod_http ask to disable it. | ||||
* | | mod_http: Determine CORS methods to whitelist from actual methods used | Kim Alvefur | 2019-01-17 | 1 | -2/+9 |
| | | |||||
* | | mod_http: Set up to handle OPTIONS | Kim Alvefur | 2019-01-18 | 1 | -0/+7 |
| | | | | | | | | | | Lower priority to allow http modules to handle it themselves, should they wish to | ||||
* | | mod_http: Solve CORS problems once and for all | Kim Alvefur | 2018-10-04 | 1 | -0/+19 |
|/ | | | | | | | This blindly allows any cross-site requests. Future work should add an API to allow each HTTP app some influence over this for each HTTP path | ||||
* | mod_http: Move normalize_path to util.http | Kim Alvefur | 2018-10-14 | 1 | -10/+1 |
| | |||||
* | Merge 0.10->trunk | Kim Alvefur | 2018-10-14 | 1 | -3/+7 |
|\ | |||||
| * | mod_http: Make sure path from http_external_url always ends with a slash ↵ | Kim Alvefur | 2018-10-14 | 1 | -3/+7 |
| | | | | | | | | (fixes #1183) | ||||
* | | mod_http: Support global HTTP modules | Kim Alvefur | 2018-09-21 | 1 | -5/+16 |
| | | | | | | | | Such modules simply ignore the Host header and always handle the same path. | ||||
* | | Revert 2dc7490899ae::5d6b252bc36f: Unfinished and broken | Kim Alvefur | 2018-09-21 | 1 | -12/+2 |
| | | |||||
* | | mod_http: Hook the host-less event if hooked from a global module | Kim Alvefur | 2018-09-21 | 1 | -1/+5 |
| | | |||||
* | | net.http.server: Move handling of hosts to mod_http | Kim Alvefur | 2018-09-21 | 1 | -1/+7 |
| | | | | | | | | | | Now an event like `GET /path` is fired at first, and mod\_http dispatches the old `GET host/path` events. | ||||
* | | mod_http: Rename argument to avoid name clash with outer scope [luacheck] | Kim Alvefur | 2018-07-06 | 1 | -3/+3 |
| | | |||||
* | | mod_http: Rename loop variable to avoid name clash [luacheck] | Kim Alvefur | 2018-07-06 | 1 | -2/+2 |
| | | |||||
* | | mod_http: Rename loop variable to avoid name clash [luacheck] | Kim Alvefur | 2018-07-06 | 1 | -2/+2 |
| | | |||||
* | | mod_http: Silecence harmless warnings | Kim Alvefur | 2018-07-06 | 1 | -2/+2 |
| | | |||||
* | | mod_http: Pass util.events object to API, fixes traceback | Kim Alvefur | 2018-03-16 | 1 | -1/+1 |
| | | |||||
* | | mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) ↵ | Kim Alvefur | 2018-03-15 | 1 | -0/+25 |
| | | | | | | | | (fixes #540) | ||||
* | | Merge 0.10->trunk | Kim Alvefur | 2017-01-26 | 1 | -5/+1 |
|\| | |||||
| * | util.sslconfig: Remvoe flag merging for 'verify' as this is more of a ↵ | Kim Alvefur | 2017-01-26 | 1 | -5/+1 |
| | | | | | | | | tri-state field than a set of options | ||||
* | | Merge 0.10->trunk | Kim Alvefur | 2016-08-18 | 1 | -0/+3 |
|\| | |||||
| * | Merge 0.9->0.10 | Kim Alvefur | 2016-08-18 | 1 | -0/+3 |
| |\ | |||||
| | * | mod_http: Allow configuring http parser size limits | Kim Alvefur | 2016-08-18 | 1 | -0/+3 |
| | | | |||||
* | | | mod_http: Fix indentation in redir_handler | Emmanuel Gil Peyrot | 2016-07-24 | 1 | -3/+3 |
| | | | |||||
* | | | Update every link to the documentation to use HTTPS | Emmanuel Gil Peyrot | 2016-04-16 | 1 | -1/+1 |
| | | |