aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_http.lua
Commit message (Collapse)AuthorAgeFilesLines
* mod_http: Consolidate handling of proxied connection detailsKim Alvefur2021-02-271-9/+9
| | | | | Trying to move everything relating to proxies and X-Forwarded-Foo into a single place.
* net.http.server: Set request.ip so mod_http doesn't have toKim Alvefur2021-02-271-1/+1
| | | | | | | | Because it already sets request.secure, which depends on the connection, just like the IP, so it makes sense to do both in the same place. Dealing with proxies can be left to mod_http for now, but maybe it could move into some util some day?
* Merge 0.11->trunkKim Alvefur2021-02-271-3/+3
|\
| * mod_http: Restore ip field for requests without proxiesKim Alvefur2021-02-271-2/+2
| | | | | | | | | | 8603011e51fe optimized out more than just the loop, leaving the .ip field blank when the request wasn't from a proxy.
| * mod_http: Fix trusted proxies check (thanks buildbot)Kim Alvefur2021-02-181-1/+1
| | | | | | | | | | is_trusted_proxy() is only in trunk, I dun goofed when I rebased 8603011e51fe from trunk.
* | mod_http: Improve message for missing 'route'Kim Alvefur2021-02-231-1/+1
| | | | | | | | | | This was the late night early draft text, thought I had amended this but apparently I forgot.
* | mod_http: Warn if app is missing 'route'Kim Alvefur2021-02-211-1/+7
| | | | | | | | | | | | | | | | | | | | Makes no sense to have a http module with no handlers Would have helped me when I accidentally module:provides("http", { GET = handler; })
* | mod_http: Allow modifying CORS header list via :provides APIKim Alvefur2019-12-301-1/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | E.g. module:provides("http", { cors = { headers = { Accept = true; Expect = false; }; }; route = { ... }; }); Case might be weird.
* | mod_http: Allow setting the CORS credentials flag via :provides APIKim Alvefur2019-12-301-1/+9
| | | | | | | | | | | | | | | | | | | | | | E.g. module:provides("http", { cors = { credentials = true; }; route = { ... }; });
* | mod_http: Optimize proxy IP checkKim Alvefur2021-02-181-0/+3
| | | | | | | | | | No need to do a subnet match comparison to see if two IP addresses match exactly.
* | mod_http: Consider x-forwarded-proto from trusted proxiesKim Alvefur2021-02-181-0/+4
| | | | | | | | | | | | | | Should be better than setting consider_{bosh,websocket}_secure as that may end up causing actually insecure requests to be considered secure. Doing it here, as with IP, should make this apply to all HTTP modules.
* | Merge 0.11->trunkKim Alvefur2021-02-181-1/+1
|\|
| * mod_http: Skip IP resolution in non-proxied caseKim Alvefur2021-02-181-1/+1
| | | | | | | | | | Skips doing the whole get_ip_from_request() dance if the request isn't from a proxy at all, even if the client sent the header for some reason.
* | mod_http: Silence warnings when running under prosodyctlMatthew Wild2020-09-111-2/+4
| |
* | mod_http: Add way to signal that a module supports streaming uploadsKim Alvefur2020-08-011-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #726 API: module:provides("http", { streaming_uploads = true; route = { PUT = function (event) event.request.body_sink = io.tmpfile(); return true; end } })
* | net.http.parser: Allow specifying sink for large request bodiesKim Alvefur2020-08-011-0/+9
| | | | | | | | | | | | | | This enables uses such as saving uploaded files directly to a file on disk or streaming parsing of payloads. See #726
* | mod_http: Support CIDR for trusted proxies.Boris Grozev2020-06-101-1/+16
| |
* | mod_http: Tell luacheck to ignore the long comment linesKim Alvefur2020-05-141-0/+1
| |
* | mod_http: Add documentation to the non-obvious logic of get_ip_from_requestJonas Schäfer2020-05-141-0/+7
| | | | | | | | Because docs are good.
* | mod_net_multiplex: Add support for using ALPNKim Alvefur2019-11-291-0/+1
| | | | | | | | | | | | | | Potentially a bit more efficient since it can jump to the selected protocol on connect instead of waiting for some data to look at. Adds a 'protocol' field to net providers for this purpose.
* | mod_http: Log served URLs at 'info' levelKim Alvefur2019-11-291-1/+1
| | | | | | | | | | | | These are similar to the "activated service" messages from portmanager and similarily useful for the service admin to know even if they're not debugging anything.
* | mod_http: Soften dependency on mod_http_errorsKim Alvefur2019-11-161-1/+3
| | | | | | | | | | | | This allows disabling mod_http_errors by adding it to moduless_disabled and ensures mod_http loads even if the error pages aren't as pretty.
* | mod_http: Unhook CORS related event handlersKim Alvefur2019-10-101-3/+10
| | | | | | | | | | | | | | Prevents CORS related handlers from being left over on reload. BC: `mod_http.apps[app_name][event_name]` is now a table instead of the main handler function.
* | mod_http: Add support for configuring CORS Access-Control-Allow-CredentialsMatthew Wild2019-09-111-2/+6
| |
* | core.certmanager: Do not ask for client certificates by defaultKim Alvefur2019-03-101-3/+0
| | | | | | | | | | | | Since it's mostly only mod_s2s that needs to request client certificates it makes some sense to have mod_s2s ask for this, instead of having eg mod_http ask to disable it.
* | mod_http: Determine CORS methods to whitelist from actual methods usedKim Alvefur2019-01-171-2/+9
| |
* | mod_http: Set up to handle OPTIONSKim Alvefur2019-01-181-0/+7
| | | | | | | | | | Lower priority to allow http modules to handle it themselves, should they wish to
* | mod_http: Solve CORS problems once and for allKim Alvefur2018-10-041-0/+19
|/ | | | | | | This blindly allows any cross-site requests. Future work should add an API to allow each HTTP app some influence over this for each HTTP path
* mod_http: Move normalize_path to util.httpKim Alvefur2018-10-141-10/+1
|
* Merge 0.10->trunkKim Alvefur2018-10-141-3/+7
|\
| * mod_http: Make sure path from http_external_url always ends with a slash ↵Kim Alvefur2018-10-141-3/+7
| | | | | | | | (fixes #1183)
* | mod_http: Support global HTTP modulesKim Alvefur2018-09-211-5/+16
| | | | | | | | Such modules simply ignore the Host header and always handle the same path.
* | Revert 2dc7490899ae::5d6b252bc36f: Unfinished and brokenKim Alvefur2018-09-211-12/+2
| |
* | mod_http: Hook the host-less event if hooked from a global moduleKim Alvefur2018-09-211-1/+5
| |
* | net.http.server: Move handling of hosts to mod_httpKim Alvefur2018-09-211-1/+7
| | | | | | | | | | Now an event like `GET /path` is fired at first, and mod\_http dispatches the old `GET host/path` events.
* | mod_http: Rename argument to avoid name clash with outer scope [luacheck]Kim Alvefur2018-07-061-3/+3
| |
* | mod_http: Rename loop variable to avoid name clash [luacheck]Kim Alvefur2018-07-061-2/+2
| |
* | mod_http: Rename loop variable to avoid name clash [luacheck]Kim Alvefur2018-07-061-2/+2
| |
* | mod_http: Silecence harmless warningsKim Alvefur2018-07-061-2/+2
| |
* | mod_http: Pass util.events object to API, fixes tracebackKim Alvefur2018-03-161-1/+1
| |
* | mod_http: Set request.ip on all HTTP requests (moves code out of mod_bosh) ↵Kim Alvefur2018-03-151-0/+25
| | | | | | | | (fixes #540)
* | Merge 0.10->trunkKim Alvefur2017-01-261-5/+1
|\|
| * util.sslconfig: Remvoe flag merging for 'verify' as this is more of a ↵Kim Alvefur2017-01-261-5/+1
| | | | | | | | tri-state field than a set of options
* | Merge 0.10->trunkKim Alvefur2016-08-181-0/+3
|\|
| * Merge 0.9->0.10Kim Alvefur2016-08-181-0/+3
| |\
| | * mod_http: Allow configuring http parser size limitsKim Alvefur2016-08-181-0/+3
| | |
* | | mod_http: Fix indentation in redir_handlerEmmanuel Gil Peyrot2016-07-241-3/+3
| | |
* | | Update every link to the documentation to use HTTPSEmmanuel Gil Peyrot2016-04-161-1/+1
| | |
* | | plugins/mod_http: Keep query string over automatic redirectsdaurnimator2016-02-151-0/+3
| | |
* | | Backout unintentional commit ed5440a6ef7fMatthew Wild2015-12-031-1/+7
| | |