aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_websocket.lua
Commit message (Collapse)AuthorAgeFilesLines
* mod_websocket: Merge session close handling changes from mod_c2s (bug fixes)origin/13.013.0Matthew Wild37 hours1-11/+17
| | | | | | | | | | | | | | | | | This should bring some fixes and general robustness that mod_websocket had missed out on. The duplicated code here is not at all ideal. To prevent this happening again, we should figure out how to have the common logic in a single place, while still being able to do the websocket-specific parts that we need. The main known bug that this fixes is that it's possible for a session to get into a non-destroyable state. For example, if we try to session:close() a hibernating session, then session.conn is nil and the function will simply return without doing anything. In the mod_c2s code we already handle this, and just destroy the session. But if a hibernating websocket session is never resumed or becomes non-resumable, it will become immortal! By merging the fix from mod_c2s, the session should now be correctly destroyed.
* mod_bosh,mod_websocket: Don't load mod_http_altconnect in global contextKim Alvefur2025-02-221-1/+3
| | | | | | It blocked loading on VirtualHosts since it was already loaded globally Thanks eTaurus
* mod_bosh, mod_websocket: Add soft dependency on mod_http_altconnectMatthew Wild2025-02-161-0/+2
|
* plugins: Use integer config API with interval specification where sensibleKim Alvefur2023-07-171-3/+3
| | | | | | | Many of these fall into a few categories: - util.cache size, must be >= 1 - byte or item counts that logically can't be negative - port numbers that should be in 1..0xffff
* plugins: Switch to :get_option_period() for time range optionsKim Alvefur2023-07-161-1/+1
| | | | Improves readability ("1 day" vs 86400) and centralizes validation.
* plugins: Prefix module imports with prosody namespaceKim Alvefur2023-03-241-12/+12
|
* mod_websocket: Fire pre-session-close event (fixes #1800)0.12.3Matthew Wild2023-02-201-0/+3
| | | | | | | | | | | | | | | | This event was added in a7c183bb4e64 and is required to make mod_smacks know that a session was intentionally closed and shouldn't be hibernated (see fcea4d9e7502). Because this was missing from mod_websocket's session.close(), mod_smacks would always attempt to hibernate websocket sessions even if they closed cleanly. That mod_websocket has its own copy of session.close() is something to fix another day (probably not in the stable branch). So for now this commit makes the minimal change to get things working again. Thanks to Damian and the Jitsi team for reporting.
* mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)Matthew Wild2022-03-281-0/+3
| | | | | | | | | The same-origin policy enforced by browsers is a security measure that should only be turned off when it is safe to do so. It is safe to do so in Prosody's default modules, but people may load third-party modules that are unsafe. Therefore we have flipped the default, so that modules must explicitly opt in to having CORS headers added on their requests.
* mod_websocket: Only enable host-agnostic HTTP routing when enabled globallyKim Alvefur2022-02-041-1/+3
| | | | | | | This way the host-agnostic http://*:5280/ handler is not enabled, but BOSH can still be used with any local VirtualHost Ref #1712
* mod_c2s,etc: Identify stanza object with appropriate functionKim Alvefur2021-10-241-2/+2
| | | | | Better than duck typing, in case anyone ever passes a non-stanza table with a 'name' field.
* mod_bosh,mod_websocket: Make into global-shared modules (...again)Kim Alvefur2021-06-211-12/+14
| | | | | | | | | | | | Global modules aren't quite considered loaded onto hosts, which causes confusion in some cases. They are also reported in the log as being served on http://*:5280/foo which is also a bit confusing, and can't be clicked. Global modules also have to have their paths configured in the global section, which could be confusing and unexpected. This global+shared method should be the best of both worlds.
* Merge 0.11->trunkMatthew Wild2021-05-131-1/+1
|\
| * mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default ↵Matthew Wild2021-05-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | stanza size limits c2s/bosh/ws streams will default to 256KB, s2s and components to 512KB. These values are aligned with ejabberd's default settings, which should reduce issues related to inconsistent size limits between servers on the XMPP network. The previous default (10MB) is excessive for any production server, and allows significant memory usage by even unauthenticated sessions.
* | mod_websocket: Use mod_http_errors html template #1172Kim Alvefur2021-02-211-4/+12
| | | | | | | | Same as the prior commit to mod_bosh
* | mod_websocket: Inherit security status from http requestKim Alvefur2021-02-181-1/+1
| | | | | | | | | | | | | | Allows requests considered secure becasue of a proxy header to carry over to the client session. mod_bosh does this too.
* | Merge 0.11->trunkMatthew Wild2020-09-291-76/+106
|\|
| * mod_websocket: Refactor frame validity checking, also check ↵Matthew Wild2020-09-291-77/+95
| | | | | | | | partially-received frames against constraints
| * mod_websocket: Continue to process data already in the buffer after an error ↵Matthew Wild2020-09-281-1/+1
| | | | | | | | | | | | | | | | | | | | occurs Previously any error, or even a normal websocket close frame, would return early, leaving potentially entire frames in the buffer unprocessed and then discarded. This change stops processing new data, but returns an existing processed data up to the point of the error/close.
| * mod_websocket: Enforce stanza size limit and close streamMatthew Wild2020-09-171-0/+4
| |
| * mod_websocket: Add separate limit for frame buffer sizeMatthew Wild2020-09-171-2/+2
| |
| * mod_websocket: handle full frame buffer and raise stream errorMatthew Wild2020-09-171-1/+5
| |
| * mod_websocket: Switch partial frame buffering to util.dbufferMatthew Wild2020-09-171-3/+8
| | | | | | | | | | This improves performance and enforces stanza size limits earlier in the pipeline.
| * mod_websocket: Fire event on session creation (thanks Aaron van Meerten)Matthew Wild2020-01-241-0/+2
| |
* | mod_bosh, mod_websocket: Add config options to override GET responsesMatthew Wild2020-04-201-3/+7
| |
* | mod_websocket: Fire event on session creation (thanks Aaron van Meerten)Matthew Wild2020-01-241-0/+2
| |
* | Merge 0.11->trunkKim Alvefur2020-01-021-0/+1
|\|
| * mod_websocket: Clear mask bit when reflecting ping frames (fixes #1484)0.11.4Kim Alvefur2020-01-021-0/+1
| |
* | mod_websocket: Guard against upgrading to websocket from a HEAD requestKim Alvefur2019-10-121-1/+1
| |
* | plugins: Remove tostring call from loggingKim Alvefur2019-07-301-1/+1
| | | | | | | | | | | | Taken care of by loggingmanager now Mass-rewrite using lua pattern like `tostring%b()`
* | Merge 0.11->trunkKim Alvefur2019-07-281-0/+1
|\|
| * mod_websocket: Clone stanza before mutating (fixes #1398)Kim Alvefur2019-07-201-0/+1
| | | | | | | | | | | | | | | | | | | | | | Checking for `stanza.attr.xmlns == nil` to determine if the stanza object is an actual stanza (`<message>`, `<presence>` or `<iq>` in the `jabber:client` or `jabbber:server` namespace) or some other stream element. Since this mutation is not reverted, it may leak to other places and cause them to mistreat stanzas as stream elements. Especially in cases like MUC where a single stanza is broadcast to many recipients.
| * mod_websocket: Log an error if cross_domain_websocket = true is set in a ↵Kim Alvefur2019-01-221-0/+5
| | | | | | | | VirtualHost section
| * mod_websocket: Include the value of cross_domain_websocket in debug messageKim Alvefur2019-01-181-1/+1
| |
* | mod_bosh, mod_websocket: Remove accidentally included dependency on ↵Kim Alvefur2019-01-191-1/+0
| | | | | | | | non-existant module
* | mod_websocket: Drop CORS code in favor of that in mod_httpKim Alvefur2018-10-041-34/+4
|/ | | | | Like for mod_bosh, deprecates consider_websocket_secure and depend on mod_http_crossdomain if it is set.
* mod_websocket: Silence the one warning instead of ignoring the entire fileKim Alvefur2018-09-301-0/+2
|
* mod_websocket: Serve HTTP in global contextKim Alvefur2018-09-221-9/+10
|
* Merge 0.10 -> trunkMatthew Wild2018-05-161-0/+1
|\ | | | | | | | | This commit intentionally drops changes from c2b99fa134b3 and 8da11142fabf which are based on older MUC code.
| * mod_websocket: Store the request object on the session for use by other modules0.10.1Matthew Wild2018-05-081-0/+1
| |
* | mod_websocket: Transfer IP address derived by mod_httpKim Alvefur2018-03-151-0/+4
|/
* mod_websocket: Convert set to string (syslog sink needs a better fix)Kim Alvefur2017-05-161-1/+1
|
* mod_websocket: Log state of cross domain set after changing itKim Alvefur2017-04-031-0/+1
|
* mod_websocket: Make open_stream method behave like the one from util.xmppstreamKim Alvefur2017-03-021-2/+5
|
* mod_websocket: Include xml:lang attribute on stream <open> (fixes #840)Kim Alvefur2017-03-021-0/+1
|
* mod_websocket: Set connections starttls method to false to prevent mod_tls ↵Kim Alvefur2017-02-251-0/+2
| | | | from offering starttls (fixes #837)
* mod_websocket: Allow per-host cross_domain_websocket, defaulting to the base ↵Kim Alvefur2016-12-051-2/+6
| | | | URL of the current host
* mod_websocket: Add the base URL of each host module is enabled on to ↵Kim Alvefur2016-12-051-0/+13
| | | | 'cross_domain_websocket'
* mod_websocket: Verify that the client-sent Origin header matches ↵Kim Alvefur2016-12-051-9/+13
| | | | cross_domain_websocket (fixes #652)
* mod_websocket: Use contains_token from util.http for checking if the ↵Kim Alvefur2016-12-041-4/+2
| | | | requested WebSocket sub-protocols include XMPP
* mod_websocket: Add some debug messagesKim Alvefur2016-12-041-0/+3
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-03-13 07:15:47 +0000