Software /
code /
prosody-modules
File
mod_s2s_blacklist/mod_s2s_blacklist.lua @ 5458:813fe4f76286
mod_http_oauth2: Do minimal validation of private-use URI schemes
Per draft-ietf-oauth-v2-1-08#section-2.3.1
> At a minimum, any private-use URI scheme that doesn't contain a period
> character (.) SHOULD be rejected.
Since this would rule out the OOB URI, which is useful for CLI tools and
such without a built-in http server, it is explicitly allowed.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 16 May 2023 22:18:12 +0200 |
parent | 2893:d958558e0058 |
line wrap: on
line source
local st = require "util.stanza"; local blacklist = module:get_option_inherited_set("s2s_blacklist", {}); module:hook("route/remote", function (event) if blacklist:contains(event.to_host) then if event.stanza.attr.type ~= "error" then module:send(st.error_reply(event.stanza, "cancel", "not-allowed", "Communication with this domain is restricted")); end return true; end end, 100); module:hook("s2s-stream-features", function (event) if blacklist:contains(event.origin.from_host) then event.origin:close({ condition = "policy-violation"; text = "Communication with this domain is restricted"; }); end end, 1000);