From 7fefafa8f6cc312b41f69d8149d5a926657bc9fb Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 4 Oct 2018 12:24:08 +0200 Subject: mod_websocket: Drop CORS code in favor of that in mod_http Like for mod_bosh, deprecates consider_websocket_secure and depend on mod_http_crossdomain if it is set. --- plugins/mod_websocket.lua | 38 ++++---------------------------------- 1 file changed, 4 insertions(+), 34 deletions(-) (limited to 'plugins/mod_websocket.lua') diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index a668b4fa..da0ce8a6 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -29,18 +29,11 @@ local t_concat = table.concat; local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5); local consider_websocket_secure = module:get_option_boolean("consider_websocket_secure"); -local cross_domain = module:get_option_set("cross_domain_websocket", {}); -if cross_domain:contains("*") or cross_domain:contains(true) then - cross_domain = true; +local cross_domain = module:get_option("cross_domain_websocket"); +if cross_domain ~= nil then + module:log("info", "The 'cross_domain_websocket' option has been deprecated"); + module:depends("http_crossdomain"); end - -local function check_origin(origin) - if cross_domain == true then - return true; - end - return cross_domain:contains(origin); -end - local xmlns_framing = "urn:ietf:params:xml:ns:xmpp-framing"; local xmlns_streams = "http://etherx.jabber.org/streams"; local xmlns_client = "jabber:client"; @@ -158,11 +151,6 @@ function handle_request(event) return 501; end - if not check_origin(request.headers.origin or "") then - module:log("debug", "Origin %s is not allowed by 'cross_domain_websocket'", request.headers.origin or "(missing header)"); - return 403; - end - local function websocket_close(code, message) conn:write(build_close(code, message)); conn:close(); @@ -329,22 +317,4 @@ module:provides("http", { function module.add_host(module) module:hook("c2s-read-timeout", keepalive, -0.9); - - if cross_domain ~= true then - local url = require "socket.url"; - local ws_url = module:http_url("websocket", "xmpp-websocket"); - local url_components = url.parse(ws_url); - -- The 'Origin' consists of the base URL without path - url_components.path = nil; - local this_origin = url.build(url_components); - local local_cross_domain = module:get_option_set("cross_domain_websocket", { this_origin }); - -- Don't add / remove something added by another host - -- This might be weird with random load order - local_cross_domain:exclude(cross_domain); - cross_domain:include(local_cross_domain); - module:log("debug", "cross_domain = %s", tostring(cross_domain)); - function module.unload() - cross_domain:exclude(local_cross_domain); - end - end end -- cgit v1.2.3 From 2612e75c8a206c174071c66a6fe938b07349e55a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 19 Jan 2019 20:03:04 +0100 Subject: mod_bosh, mod_websocket: Remove accidentally included dependency on non-existant module --- plugins/mod_websocket.lua | 1 - 1 file changed, 1 deletion(-) (limited to 'plugins/mod_websocket.lua') diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index da0ce8a6..008f6823 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -32,7 +32,6 @@ local consider_websocket_secure = module:get_option_boolean("consider_websocket_ local cross_domain = module:get_option("cross_domain_websocket"); if cross_domain ~= nil then module:log("info", "The 'cross_domain_websocket' option has been deprecated"); - module:depends("http_crossdomain"); end local xmlns_framing = "urn:ietf:params:xml:ns:xmpp-framing"; local xmlns_streams = "http://etherx.jabber.org/streams"; -- cgit v1.2.3 From 40b1e3e0ed1223517f29bcf136fc08a6f33b17f2 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 30 Jul 2019 02:29:36 +0200 Subject: plugins: Remove tostring call from logging Taken care of by loggingmanager now Mass-rewrite using lua pattern like `tostring%b()` --- plugins/mod_websocket.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/mod_websocket.lua') diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index 4ef9a07f..c94ea84a 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -80,7 +80,7 @@ local function session_close(session, reason) stream_error = reason; end end - log("debug", "Disconnecting client, is: %s", tostring(stream_error)); + log("debug", "Disconnecting client, is: %s", stream_error); session.send(stream_error); end -- cgit v1.2.3 From bf5f096225ec159e50e38b6631114553a03adce9 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 12 Oct 2019 19:16:43 +0200 Subject: mod_websocket: Guard against upgrading to websocket from a HEAD request --- plugins/mod_websocket.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/mod_websocket.lua') diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index c94ea84a..386a4d60 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -136,7 +136,7 @@ function handle_request(event) conn.starttls = false; -- Prevent mod_tls from believing starttls can be done - if not request.headers.sec_websocket_key then + if not request.headers.sec_websocket_key or request.method ~= "GET" then response.headers.content_type = "text/html"; return [[Websocket

It works! Now point your WebSocket client to this URL to connect to Prosody.

-- cgit v1.2.3 From 634408ca294da12888871740d296fb0a955f13ae Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Fri, 24 Jan 2020 16:21:30 +0000 Subject: mod_websocket: Fire event on session creation (thanks Aaron van Meerten) --- plugins/mod_websocket.lua | 2 ++ 1 file changed, 2 insertions(+) (limited to 'plugins/mod_websocket.lua') diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index 101039e1..4d3e79bb 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -292,6 +292,8 @@ function handle_request(event) response.headers.sec_webSocket_accept = base64(sha1(request.headers.sec_websocket_key .. "258EAFA5-E914-47DA-95CA-C5AB0DC85B11")); response.headers.sec_webSocket_protocol = "xmpp"; + module:fire_event("websocket-session", { session = session, request = request }); + session.log("debug", "Sending WebSocket handshake"); return ""; -- cgit v1.2.3 From ff9bdefc7e961f217580194146ee6bda8c6b9827 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 20 Apr 2020 11:30:59 +0100 Subject: mod_bosh, mod_websocket: Add config options to override GET responses --- plugins/mod_websocket.lua | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'plugins/mod_websocket.lua') diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index 4d3e79bb..1a0c0046 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -130,6 +130,12 @@ local function filter_open_close(data) return data; end + +local default_get_response_body = [[Websocket +

It works! Now point your WebSocket client to this URL to connect to Prosody.

+]] +local websocket_get_response_body = module:get_option_string("websocket_get_response_body", default_get_response_body) + function handle_request(event) local request, response = event.request, event.response; local conn = response.conn; @@ -138,9 +144,7 @@ function handle_request(event) if not request.headers.sec_websocket_key or request.method ~= "GET" then response.headers.content_type = "text/html"; - return [[Websocket -

It works! Now point your WebSocket client to this URL to connect to Prosody.

- ]]; + return websocket_get_response_body; end local wants_xmpp = contains_token(request.headers.sec_websocket_protocol or "", "xmpp"); -- cgit v1.2.3