Software / code / prosody
Annotate
util/import.lua @ 13854:0b01f40df0f9 13.0
mod_http_file_share: Add media-src 'self' to Content-Security-Policy header
This allows certain media files to be loaded when navigated to directly in a
web browser.
Note that in some browsers (Chrome), the media gets transformed
internally into a HTML page with some basic styles, but these are blocked due
to our default-src policy of 'none' Although this could be unblocked with
style-src unsafe-inline, it is not our plan to fix this, because this would
have negative security implications.
The reason for our CSP is to prevent the file share service from being used to
host malicious HTML/CSS/JS. Yes, CSS can be malicious.
Our file share service is for uploading and downloading files, it is not a
substitute for website/content hosting.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 18 Apr 2025 12:25:06 +0100 |
| parent | 12589:39ae08180c81 |
| rev | line source |
|---|---|
|
1523
841d61be198f
Remove version number from copyright headers
Matthew Wild <mwild1@gmail.com>
parents:
896
diff
changeset
|
1 -- Prosody IM |
|
2923
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
1523
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
|
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
1523
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
2923
diff
changeset
|
4 -- |
| 758 | 5 -- This project is MIT/X11 licensed. Please see the |
| 6 -- COPYING file in the source package for more information. | |
|
519
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
49
diff
changeset
|
7 -- |
|
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
49
diff
changeset
|
8 |
|
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
49
diff
changeset
|
9 |
|
49
1cd2a8db392d
New "import" module to help tidy up all the local declarations at the top of modules
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 |
|
12589
39ae08180c81
compat: Remove handling of Lua 5.1 location of 'unpack' function
Kim Alvefur <zash@zash.se>
parents:
9692
diff
changeset
|
11 local unpack = table.unpack; |
|
49
1cd2a8db392d
New "import" module to help tidy up all the local declarations at the top of modules
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 local t_insert = table.insert; |
|
8570
a4ef8cfa97bd
util.import: Explicitly export the global import function [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8389
diff
changeset
|
13 function _G.import(module, ...) |
|
49
1cd2a8db392d
New "import" module to help tidy up all the local declarations at the top of modules
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 local m = package.loaded[module] or require(module); |
|
1cd2a8db392d
New "import" module to help tidy up all the local declarations at the top of modules
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 if type(m) == "table" and ... then |
|
1cd2a8db392d
New "import" module to help tidy up all the local declarations at the top of modules
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 local ret = {}; |
|
1cd2a8db392d
New "import" module to help tidy up all the local declarations at the top of modules
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 for _, f in ipairs{...} do |
|
1cd2a8db392d
New "import" module to help tidy up all the local declarations at the top of modules
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 t_insert(ret, m[f]); |
|
1cd2a8db392d
New "import" module to help tidy up all the local declarations at the top of modules
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 end |
|
1cd2a8db392d
New "import" module to help tidy up all the local declarations at the top of modules
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 return unpack(ret); |
|
1cd2a8db392d
New "import" module to help tidy up all the local declarations at the top of modules
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 end |
|
1cd2a8db392d
New "import" module to help tidy up all the local declarations at the top of modules
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 return m; |
|
1cd2a8db392d
New "import" module to help tidy up all the local declarations at the top of modules
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 end |
