Software /
code /
prosody-modules
Diff
mod_strict_https/mod_strict_https.lua @ 5411:b3158647cb36
mod_strict_https: Update to use modern APIs instead of monkey patching
Updates one of the least recently updated modules :)
Mapping HTTP Host to Prosody host remains awkward.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 03 May 2023 10:16:15 +0200 |
parent | 863:efa9c1676d1f |
child | 5415:f8797e3284ff |
line wrap: on
line diff
--- a/mod_strict_https/mod_strict_https.lua Tue May 02 19:06:17 2023 +0200 +++ b/mod_strict_https/mod_strict_https.lua Wed May 03 10:16:15 2023 +0200 @@ -1,5 +1,5 @@ -- HTTP Strict Transport Security --- https://tools.ietf.org/html/rfc6797 +-- https://www.rfc-editor.org/info/rfc6797 module:set_global(); @@ -7,38 +7,16 @@ local hsts_header = module:get_option_string("hsts_header", "max-age=31556952"); -- This means "Don't even try to access without HTTPS for a year" -local _old_send_response; -local _old_fire_event; - -local modules = {}; - -function module.load() - _old_send_response = http_server.send_response; - function http_server.send_response(response, body) - response.headers.strict_transport_security = hsts_header; - return _old_send_response(response, body); - end - - _old_fire_event = http_server._events.fire_event; - function http_server._events.fire_event(event, payload) - local request = payload.request; - local host = event:match("^[A-Z]+ ([^/]+)"); - local module = modules[host]; - if module and not request.secure then - payload.response.headers.location = module:http_url(request.path); +module:wrap_object_event(http_server._events, false, function(handlers, event_name, event_data) + local request, response = event_data.request, event_data.response; + if request and response then + if request.secure then + response.headers.strict_transport_security = hsts_header; + else + -- This won't get the port number right + response.headers.location = "https://" .. request.host .. request.path .. (request.query and "?" .. request.query or ""); return 301; end - return _old_fire_event(event, payload); end -end -function module.unload() - http_server.send_response = _old_send_response; - http_server._events.fire_event = _old_fire_event; -end -function module.add_host(module) - local http_host = module:get_option_string("http_host", module.host); - modules[http_host] = module; - function module.unload() - modules[http_host] = nil; - end -end + return handlers(event_name, event_data); +end);