prosody-modules
97375a78d2b5
mod_http_debug/mod_http_debug.lua
Software / code / prosody-modules
File
mod_http_debug/mod_http_debug.lua @ 5984:97375a78d2b5
mod_http_oauth2: Reject URLs with 'userinfo' part (thanks mimi89999)
The LuaSocket parser supports these but they're deprecated without
replacement by RFC 3986
> Use of the format "user:password" in the userinfo field is deprecated
Allowing it in OAuth2 URLs is probably bad from a security perspective.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 29 Aug 2024 16:02:46 +0200 |
| parent | 5492:b6af4d1ff8c1 |
line wrap: on
line source
local json = require "util.json" module:depends("http") local function handle_request(event) local request = event.request; (request.log or module._log)("debug", "%s -- %s %q HTTP/%s -- %q -- %s", request.ip, request.method, request.url, request.httpversion, request.headers, request.body); return { status_code = 200; headers = { content_type = "application/json" }; host = module.host; body = json.encode { body = request.body; headers = request.headers; httpversion = request.httpversion; id = request.id; ip = request.ip; method = request.method; path = request.path; secure = request.secure; url = request.url; }; } end local methods = module:get_option_set("http_debug_methods", { "GET"; "HEAD"; "DELETE"; "OPTIONS"; "PATCH"; "POST"; "PUT" }); local route = {}; for method in methods do route[method] = handle_request; route[method .. " /*"] = handle_request; end module:provides("http", { route = route; })
