Comparison

mod_strict_https/mod_strict_https.lua @ 5411:b3158647cb36

mod_strict_https: Update to use modern APIs instead of monkey patching Updates one of the least recently updated modules :) Mapping HTTP Host to Prosody host remains awkward.
author Kim Alvefur <zash@zash.se>
date Wed, 03 May 2023 10:16:15 +0200
parent 863:efa9c1676d1f
child 5415:f8797e3284ff
comparison
equal deleted inserted replaced
5410:644b2f2b9b52 5411:b3158647cb36
1 -- HTTP Strict Transport Security 1 -- HTTP Strict Transport Security
2 -- https://tools.ietf.org/html/rfc6797 2 -- https://www.rfc-editor.org/info/rfc6797
3 3
4 module:set_global(); 4 module:set_global();
5 5
6 local http_server = require "net.http.server"; 6 local http_server = require "net.http.server";
7 7
8 local hsts_header = module:get_option_string("hsts_header", "max-age=31556952"); -- This means "Don't even try to access without HTTPS for a year" 8 local hsts_header = module:get_option_string("hsts_header", "max-age=31556952"); -- This means "Don't even try to access without HTTPS for a year"
9 9
10 local _old_send_response; 10 module:wrap_object_event(http_server._events, false, function(handlers, event_name, event_data)
11 local _old_fire_event; 11 local request, response = event_data.request, event_data.response;
12 12 if request and response then
13 local modules = {}; 13 if request.secure then
14 14 response.headers.strict_transport_security = hsts_header;
15 function module.load() 15 else
16 _old_send_response = http_server.send_response; 16 -- This won't get the port number right
17 function http_server.send_response(response, body) 17 response.headers.location = "https://" .. request.host .. request.path .. (request.query and "?" .. request.query or "");
18 response.headers.strict_transport_security = hsts_header;
19 return _old_send_response(response, body);
20 end
21
22 _old_fire_event = http_server._events.fire_event;
23 function http_server._events.fire_event(event, payload)
24 local request = payload.request;
25 local host = event:match("^[A-Z]+ ([^/]+)");
26 local module = modules[host];
27 if module and not request.secure then
28 payload.response.headers.location = module:http_url(request.path);
29 return 301; 18 return 301;
30 end 19 end
31 return _old_fire_event(event, payload);
32 end 20 end
33 end 21 return handlers(event_name, event_data);
34 function module.unload() 22 end);
35 http_server.send_response = _old_send_response;
36 http_server._events.fire_event = _old_fire_event;
37 end
38 function module.add_host(module)
39 local http_host = module:get_option_string("http_host", module.host);
40 modules[http_host] = module;
41 function module.unload()
42 modules[http_host] = nil;
43 end
44 end