prosody-modules
2b10e51d85a6
mod_strict_https/mod_strict_https.lua
Software / code / prosody-modules
File
mod_strict_https/mod_strict_https.lua @ 3965:2b10e51d85a6
mod_muc_limits: Add config option to limit to join stanzas only
This is a bit more limited in pre-0.11 MUC modules, because it just
detects stanzas sent to full JIDs (which would include all presence
and nick changes).
This option is useful for setups where users are typically unaffiliated,
but trusted (e.g. if access to the room is gated through some other
means such as password/token auth).
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 03 Apr 2020 12:26:56 +0100 |
| parent | 863:efa9c1676d1f |
| child | 5411:b3158647cb36 |
line wrap: on
line source
-- HTTP Strict Transport Security -- https://tools.ietf.org/html/rfc6797 module:set_global(); local http_server = require "net.http.server"; local hsts_header = module:get_option_string("hsts_header", "max-age=31556952"); -- This means "Don't even try to access without HTTPS for a year" local _old_send_response; local _old_fire_event; local modules = {}; function module.load() _old_send_response = http_server.send_response; function http_server.send_response(response, body) response.headers.strict_transport_security = hsts_header; return _old_send_response(response, body); end _old_fire_event = http_server._events.fire_event; function http_server._events.fire_event(event, payload) local request = payload.request; local host = event:match("^[A-Z]+ ([^/]+)"); local module = modules[host]; if module and not request.secure then payload.response.headers.location = module:http_url(request.path); return 301; end return _old_fire_event(event, payload); end end function module.unload() http_server.send_response = _old_send_response; http_server._events.fire_event = _old_fire_event; end function module.add_host(module) local http_host = module:get_option_string("http_host", module.host); modules[http_host] = module; function module.unload() modules[http_host] = nil; end end
