Software / code / prosody
Annotate
util/hmac.lua @ 13854:0b01f40df0f9 13.0
mod_http_file_share: Add media-src 'self' to Content-Security-Policy header
This allows certain media files to be loaded when navigated to directly in a
web browser.
Note that in some browsers (Chrome), the media gets transformed
internally into a HTML page with some basic styles, but these are blocked due
to our default-src policy of 'none' Although this could be unblocked with
style-src unsafe-inline, it is not our plan to fix this, because this would
have negative security implications.
The reason for our CSP is to prevent the file share service from being used to
host malicious HTML/CSS/JS. Yes, CSS can be malicious.
Our file share service is for uploading and downloading files, it is not a
substitute for website/content hosting.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 18 Apr 2025 12:25:06 +0100 |
| parent | 12975:d10957394a3c |
| rev | line source |
|---|---|
|
1522
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1516
diff
changeset
|
1 -- Prosody IM |
|
2923
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
1522
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
|
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
1522
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5537
diff
changeset
|
4 -- |
|
1522
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1516
diff
changeset
|
5 -- This project is MIT/X11 licensed. Please see the |
|
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1516
diff
changeset
|
6 -- COPYING file in the source package for more information. |
|
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1516
diff
changeset
|
7 -- |
|
569d58d21612
Add copyright header to those files missing one
Matthew Wild <mwild1@gmail.com>
parents:
1516
diff
changeset
|
8 |
|
5537
15464633d8fb
util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents:
3540
diff
changeset
|
9 -- COMPAT: Only for external pre-0.9 modules |
|
15464633d8fb
util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents:
3540
diff
changeset
|
10 |
|
12975
d10957394a3c
util: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
12563
diff
changeset
|
11 local hashes = require "prosody.util.hashes" |
| 1456 | 12 |
| 9958 | 13 return { |
| 14 md5 = hashes.hmac_md5, | |
| 15 sha1 = hashes.hmac_sha1, | |
|
12561
adfb46a3e8a7
util.hashes: Expose sha224 and sha384 HMAC functions
Kim Alvefur <zash@zash.se>
parents:
9959
diff
changeset
|
16 sha224 = hashes.hmac_sha224, |
| 9958 | 17 sha256 = hashes.hmac_sha256, |
|
12561
adfb46a3e8a7
util.hashes: Expose sha224 and sha384 HMAC functions
Kim Alvefur <zash@zash.se>
parents:
9959
diff
changeset
|
18 sha384 = hashes.hmac_sha384, |
|
9959
45caa32992b6
util.hmac: Expose hmac-sha-512 too
Kim Alvefur <zash@zash.se>
parents:
9958
diff
changeset
|
19 sha512 = hashes.hmac_sha512, |
|
12563
d9a4e28689eb
util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents:
12561
diff
changeset
|
20 blake2s256 = hashes.hmac_blake2s256, |
|
d9a4e28689eb
util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents:
12561
diff
changeset
|
21 blake2b512 = hashes.hmac_blake2b512, |
| 9958 | 22 }; |
