path: root/plugins/mod_http.lua
Commit message (Author, Date, Files changed, Lines -/+)
* mod_http: Make RFC 7239 Forwarded opt-in for now to be safe (Kim Alvefur, 2023-06-03, 1 file, -3/+10)
    Supporting both methods at the same time may open to spoofing attacks, whereby a client sends a Forwarded header that is not stripped by a reverse proxy, leading Prosody to use that instead of the X-Forwarded-* headers actually sent by the proxy. By only supporting one at a time, it can be configured to match what the proxy uses. Disabled by default since implementations are sparse and X-Forwarded-* are everywhere.
* mod_http: Use RFC 7239 Forwarded header to find original client IP (Kim Alvefur, 2023-06-03, 1 file, -1/+20)
    Prefer over X-Forwarded-* since it has an actual specification. Main practical difference is that Forwarded may carry more properties than only the IP address since it is a structured header. Since we parse it into an array, it is easier to do the logical thing and iterate backwards through proxies until an untrusted one is encountered. Compare the handling of X-Forwarded-For. The 'secure' field now accounts for the full chain of proxies, which must be secure all the way to be considered secure.
* mod_http: Handle bracketed IP address format from RFC 7239 (Kim Alvefur, 2023-06-03, 1 file, -0/+6)
    There are hints that this format might be used in X-Forwarded-For as well, so best handle it everywhere. Strips both brackets and optional port number.
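The three commits above describe one mechanism: parse the Forwarded header into an array, normalise bracketed addresses, and walk the proxy chain backwards from the connection peer, stopping at the first address that is not a trusted proxy, while the request counts as secure only if every hop was https. The following Lua is an added illustration of that logic, not Prosody's own code: the `trusted_proxies` set, the `normalize_ip`, `parse_forwarded` and `resolve_client` names and the sample header are all constructed here, and trusted proxies are matched exactly rather than by CIDR range.

```lua
-- Added example (not Prosody's code): resolve the original client IP and the
-- end-to-end "secure" flag from an RFC 7239 Forwarded header by walking the
-- proxy chain backwards through trusted proxies only.

-- Constructed trusted-proxy set. Exact match only; Prosody also accepts CIDR
-- ranges, which this example does not implement.
local trusted_proxies = {
	["127.0.0.1"] = true;
	["::1"] = true;
	["10.0.0.2"] = true;
};

-- Strip RFC 7239 brackets and an optional port:
--   "[2001:db8::1]:4711" -> "2001:db8::1", "203.0.113.5:80" -> "203.0.113.5".
-- An unbracketed IPv6 address has several colons and is returned unchanged.
local function normalize_ip(node)
	local bracketed = node:match("^%[([^%]]+)%]");
	if bracketed then return bracketed; end
	local host = node:match("^([^:]+):%d+$");
	if host then return host; end
	return node;
end

-- Parse a Forwarded header into an array of tables such as
-- { ["for"] = "10.0.0.2", proto = "https" }, in the order the proxies
-- appended them (first element = closest to the client).
local function parse_forwarded(header)
	local elements = {};
	for element in header:gmatch("[^,]+") do
		local fields = {};
		for pair in element:gmatch("[^;]+") do
			local name, value = pair:match("^%s*([%w_-]+)%s*=%s*(.-)%s*$");
			if name then
				-- Unwrap "quoted" values; backslash escapes inside quotes are
				-- not handled by this example.
				value = value:match('^"(.*)"$') or value;
				fields[name:lower()] = value;
			end
		end
		elements[#elements + 1] = fields;
	end
	return elements;
end

-- conn_ip / conn_secure describe the direct TCP peer and its TLS state.
-- Returns the resolved client IP and whether the whole chain was encrypted.
local function resolve_client(conn_ip, conn_secure, forwarded_header)
	local ip, secure = conn_ip, conn_secure;
	if not trusted_proxies[ip] or not forwarded_header then
		-- The peer is not a trusted proxy: any Forwarded header it sent is
		-- client-controlled and must be ignored.
		return ip, secure;
	end
	local chain = parse_forwarded(forwarded_header);
	for i = #chain, 1, -1 do
		local hop = chain[i];
		if not hop["for"] then break; end -- cannot follow the chain further
		ip = normalize_ip(hop["for"]);
		-- A hop that does not declare https makes the whole chain insecure.
		secure = secure and hop.proto == "https";
		if not trusted_proxies[ip] then
			break; -- first untrusted address is the real client
		end
	end
	return ip, secure;
end

-- Constructed sample: client -> proxy 10.0.0.2 (client used https)
--                       -> proxy 127.0.0.1 (10.0.0.2 used plain http) -> Prosody
local header = 'for="[2001:db8::1]:4711";proto=https, for=10.0.0.2;proto=http';
print(resolve_client("127.0.0.1", true, header));
-- Same header from an untrusted peer: the header is ignored entirely.
print(resolve_client("203.0.113.9", false, header));
```

In the first call the walk passes through the trusted 10.0.0.2 hop and stops at the bracketed client address; because one hop was plain http, the request is reported as not secure even though the connection to Prosody itself used TLS. The second call shows why the peer check comes first: an untrusted peer's Forwarded header is never consulted, which is the spoofing case the opt-in commit describes.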
* mod_http: Add way to retrieve internal URL instead of external (Kim Alvefur, 2023-05-24, 1 file, -2/+2)
    This could be of help when configuring reverse proxies, as it is the internal URL the proxy must point at. Argument treated as an enum "internal" "external" (default) to allow for future extensibility.
* mod_http: Fix reliance on previous tostring() format of util.set (Kim Alvefur, 2023-04-10, 1 file, -2/+7)
    a863e4237b91 unintentionally changed the format of HTTP CORS headers, which were apparently relying on the output of tostring(), which it shouldn't have. Explicitly serializing it this time.
* plugins: Prefix module imports with prosody namespace (Kim Alvefur, 2023-03-24, 1 file, -6/+6)
* mod_http: Unhook CORS handlers only if active (fixes #1801) (Kim Alvefur, 2023-03-05, 1 file, -3/+7)
* mod_http: Allow disabling CORS in the http_cors_override option and by default (Matthew Wild, 2022-10-31, 1 file, -4/+11)
    Fixes #1779.

    Due to an oversight in the logic, if the user set 'enabled' to false in an override, it would disable the item's requested CORS settings, but still apply Prosody's default CORS policy. This change ensures that 'enabled = false' will now disable CORS entirely for the requested item.

    Due to the new structure of the code, it was necessary to have a flag to say whether CORS is to be applied at all. Rather than hard-coding 'true' here, I chose to add a new option: 'http_default_cors_enabled'. This is a boolean that allows the operator to disable Prosody's default CORS policy entirely (the one that is used when a module or config does not override it).

    This makes it easier to disable CORS and then selectively enable it only on services you want it on.
* mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731) (Matthew Wild, 2022-03-28, 1 file, -1/+1)
    The same-origin policy enforced by browsers is a security measure that should only be turned off when it is safe to do so. It is safe to do so in Prosody's default modules, but people may load third-party modules that are unsafe. Therefore we have flipped the default, so that modules must explicitly opt in to having CORS headers added on their requests.
* mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730) (Matthew Wild, 2022-03-28, 1 file, -13/+31)
    This is far better than pre-0.12, because we now have a universal way to configure and enable/disable CORS on a per-module basis.
* mod_http: Use interface name as default default global hostname (Kim Alvefur, 2022-02-04, 1 file, -1/+1)
    http://[::]:5280/ is as sensible as http://*:5280/ so why not. This might be a bit weird when listening on multiple interfaces but not sure we can really do anything sensible then anyway.
* mod_http: Use http_default_host for URLs generated in global context (Kim Alvefur, 2022-02-04, 1 file, -1/+2)
    This might make the global routes less confusing sometimes, or at least valid URLs instead of http://*:5280/ which doesn't make much sense.
* mod_http: Increase severity of loading unreachable http modules (Kim Alvefur, 2022-01-15, 1 file, -1/+1)
    This is either caused by an earlier failure to bind http/s ports, in which case that should be corrected, or explicitly disabling the http/s ports, in which case ... why enable http modules? Suggested by jonas’
* mod_http: Skip querying portmanager when http_external_url is set (Kim Alvefur, 2021-11-27, 1 file, -8/+17)
    When http_external_url is set then the portmanager usage only really serves as a check of whether any http service is enabled at all. Should allow generating a URL from prosodyctl when http_external_url is set.
* mod_http: Limit unencrypted http port (5280) to loopback by default (Kim Alvefur, 2022-01-15, 1 file, -0/+1)
    Since accessing this port directly over the wider Internet is unlikely to be intentional anymore. Most uses will likely be by reverse proxies, by mistake or because of trouble configuring HTTPS.

    Blocking mistaken uses is just a good thing, letting users send potentially private things unencrypted tends to be Strongly Discouraged these days.

    Many reverse proxy setups operate over loopback, so listening there instead of all interfaces is a net improvement.

    Improved automatic certificate location and SNI support has mostly eliminated the need for manual certificate configuration so HTTPS should Just Work once certificates have been provided.

    For local testing during development, connecting over loopback is likely fine as well.

    When really needed, `http_interfaces` can still be set.

    Suggested by Link Mauve
* mod_http: Clean up redirects handlers for wildcard on http module unload (Kim Alvefur, 2021-12-22, 1 file, -0/+7)
    These would previously be left behind. Probably mostly harmless except for clogging up the `debug:events()` listing in the console.
* Fix various spelling errors (thanks codespell) (Kim Alvefur, 2021-07-27, 1 file, -1/+1)
    Also special thanks to timeless, for wordlessly reminding me to check for typos.
* mod_http: Consolidate handling of proxied connection details (Kim Alvefur, 2021-02-27, 1 file, -9/+9)
    Trying to move everything relating to proxies and X-Forwarded-Foo into a single place.
* net.http.server: Set request.ip so mod_http doesn't have to (Kim Alvefur, 2021-02-27, 1 file, -1/+1)
    Because it already sets request.secure, which depends on the connection, just like the IP, so it makes sense to do both in the same place. Dealing with proxies can be left to mod_http for now, but maybe it could move into some util some day?
* Merge 0.11->trunk (Kim Alvefur, 2021-02-27, 1 file, -3/+3)
* mod_http: Restore ip field for requests without proxies (Kim Alvefur, 2021-02-27, 1 file, -2/+2)
    8603011e51fe optimized out more than just the loop, leaving the .ip field blank when the request wasn't from a proxy.
* mod_http: Fix trusted proxies check (thanks buildbot) (Kim Alvefur, 2021-02-18, 1 file, -1/+1)
    is_trusted_proxy() is only in trunk, I dun goofed when I rebased 8603011e51fe from trunk.
* mod_http: Improve message for missing 'route' (Kim Alvefur, 2021-02-23, 1 file, -1/+1)
    This was the late night early draft text, thought I had amended this but apparently I forgot.
* mod_http: Warn if app is missing 'route' (Kim Alvefur, 2021-02-21, 1 file, -1/+7)
    Makes no sense to have a http module with no handlers. Would have helped me when I accidentally module:provides("http", { GET = handler; })
* mod_http: Allow modifying CORS header list via :provides API (Kim Alvefur, 2019-12-30, 1 file, -1/+11)
    E.g.

        module:provides("http", {
        	cors = {
        		headers = {
        			Accept = true;
        			Expect = false;
        		};
        	};
        	route = { ... };
        });

    Case might be weird.
* mod_http: Allow setting the CORS credentials flag via :provides API (Kim Alvefur, 2019-12-30, 1 file, -1/+9)
    E.g.

        module:provides("http", {
        	cors = {
        		credentials = true;
        	};
        	route = { ... };
        });
* mod_http: Optimize proxy IP check (Kim Alvefur, 2021-02-18, 1 file, -0/+3)
    No need to do a subnet match comparison to see if two IP addresses match exactly.
* mod_http: Consider x-forwarded-proto from trusted proxies (Kim Alvefur, 2021-02-18, 1 file, -0/+4)
    Should be better than setting consider_{bosh,websocket}_secure as that may end up causing actually insecure requests to be considered secure. Doing it here, as with IP, should make this apply to all HTTP modules.
* Merge 0.11->trunk (Kim Alvefur, 2021-02-18, 1 file, -1/+1)
* mod_http: Skip IP resolution in non-proxied case (Kim Alvefur, 2021-02-18, 1 file, -1/+1)
    Skips doing the whole get_ip_from_request() dance if the request isn't from a proxy at all, even if the client sent the header for some reason.
* mod_http: Silence warnings when running under prosodyctl (Matthew Wild, 2020-09-11, 1 file, -2/+4)
* mod_http: Add way to signal that a module supports streaming uploads (Kim Alvefur, 2020-08-01, 1 file, -1/+3)
    Fixes #726

    API:

        module:provides("http", {
        	streaming_uploads = true;
        	route = {
        		PUT = function (event)
        			event.request.body_sink = io.tmpfile();
        			return true;
        		end
        	}
        })
* net.http.parser: Allow specifying sink for large request bodies (Kim Alvefur, 2020-08-01, 1 file, -0/+9)
    This enables uses such as saving uploaded files directly to a file on disk or streaming parsing of payloads. See #726
* mod_http: Support CIDR for trusted proxies. (Boris Grozev, 2020-06-10, 1 file, -1/+16)
* mod_http: Tell luacheck to ignore the long comment lines (Kim Alvefur, 2020-05-14, 1 file, -0/+1)
* mod_http: Add documentation to the non-obvious logic of get_ip_from_request (Jonas Schäfer, 2020-05-14, 1 file, -0/+7)
    Because docs are good.
* mod_net_multiplex: Add support for using ALPN (Kim Alvefur, 2019-11-29, 1 file, -0/+1)
    Potentially a bit more efficient since it can jump to the selected protocol on connect instead of waiting for some data to look at. Adds a 'protocol' field to net providers for this purpose.
* mod_http: Log served URLs at 'info' level (Kim Alvefur, 2019-11-29, 1 file, -1/+1)
    These are similar to the "activated service" messages from portmanager and similarly useful for the service admin to know even if they're not debugging anything.
* mod_http: Soften dependency on mod_http_errors (Kim Alvefur, 2019-11-16, 1 file, -1/+3)
    This allows disabling mod_http_errors by adding it to modules_disabled and ensures mod_http loads even if the error pages aren't as pretty.
* mod_http: Unhook CORS related event handlers (Kim Alvefur, 2019-10-10, 1 file, -3/+10)
    Prevents CORS related handlers from being left over on reload. BC: `mod_http.apps[app_name][event_name]` is now a table instead of the main handler function.
* mod_http: Add support for configuring CORS Access-Control-Allow-Credentials (Matthew Wild, 2019-09-11, 1 file, -2/+6)
* core.certmanager: Do not ask for client certificates by default (Kim Alvefur, 2019-03-10, 1 file, -3/+0)
    Since it's mostly only mod_s2s that needs to request client certificates it makes some sense to have mod_s2s ask for this, instead of having e.g. mod_http ask to disable it.
* mod_http: Determine CORS methods to whitelist from actual methods used (Kim Alvefur, 2019-01-17, 1 file, -2/+9)
* mod_http: Set up to handle OPTIONS (Kim Alvefur, 2019-01-18, 1 file, -0/+7)
    Lower priority to allow http modules to handle it themselves, should they wish to
* mod_http: Solve CORS problems once and for all (Kim Alvefur, 2018-10-04, 1 file, -0/+19)
    This blindly allows any cross-site requests. Future work should add an API to allow each HTTP app some influence over this for each HTTP path
* mod_http: Move normalize_path to util.http (Kim Alvefur, 2018-10-14, 1 file, -10/+1)
* Merge 0.10->trunk (Kim Alvefur, 2018-10-14, 1 file, -3/+7)
* mod_http: Make sure path from http_external_url always ends with a slash (fixes #1183) (Kim Alvefur, 2018-10-14, 1 file, -3/+7)
* mod_http: Support global HTTP modules (Kim Alvefur, 2018-09-21, 1 file, -5/+16)
    Such modules simply ignore the Host header and always handle the same path.
* Revert 2dc7490899ae::5d6b252bc36f: Unfinished and broken (Kim Alvefur, 2018-09-21, 1 file, -12/+2)