From d18348b578ab72b09840fedfc58d7b6de5fb53b5 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 21 Feb 2021 06:18:22 +0100 Subject: mod_bosh: Include warning if endpoint accessed insecurely (#1172) This is to make it obvious if a misconfigured a proxy or the request really is insecure. Perhaps it should also check c2s_require_encryption? --- plugins/mod_bosh.lua | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index db281fcd..0fbf3037 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -536,6 +536,7 @@ local function GET_response(event) --- title = "Prosody BOSH endpoint"; message = "It works! Now point your BOSH client to this URL to connect to Prosody."; + warning = not (consider_bosh_secure or event.request.secure) and "This endpoint is not considered secure!" or nil; --

For more information see Prosody: Setting up BOSH.

}) or "This is the Prosody BOSH endpoint."; end -- cgit v1.2.3