Software /
code /
prosody-modules
File
mod_http_libjs/mod_http_libjs.lua @ 5404:1087f697c3f3
mod_http_oauth2: Strip unknown extra fields from client registration
We shouldn't sign things we don't understand!
RFC 7591 section-2 states:
> The authorization server MUST ignore any client metadata sent by the
> client that it does not understand (for instance, by silently removing
> unknown metadata from the client's registration record during
> processing).
Prevents grandfathering in of unvalidated data that might become used
later, especially since the 'additionalProperties' schema keyword was
removed in 698fef74ce53
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 02 May 2023 16:23:40 +0200 |
parent | 4976:75b6e5df65f9 |
line wrap: on
line source
local mime_map = module:shared("/*/http_files/mime").types or { css = "text/css", js = "application/javascript", }; local serve; if prosody.process_type == "prosody" then local http_files = require "net.http.files"; serve = http_files.serve; else serve = module:depends"http_files".serve; end local libjs_path = module:get_option_string("libjs_path", "/usr/share/javascript"); do -- sanity check local lfs = require "lfs"; local exists, err = lfs.attributes(libjs_path, "mode"); if exists ~= "directory" then module:log("error", "Problem with 'libjs_path': %s", err or "not a directory"); end end module:provides("http", { default_path = "/share"; route = { ["GET /*"] = serve({ path = libjs_path, mime_map = mime_map }); } });