Annotate
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Supporting both methods at the same time may open to spoofing attacks,
whereby a client sends a Forwarded header that is not stripped by a
reverse proxy, leading Prosody to use that instead of the X-Forwarded-*
headers actually sent by the proxy.
By only supporting one at a time, it can be configured to match what the
proxy uses.
Disabled by default since implementations are sparse and X-Forwarded-*
are everywhere.
| author |
Kim Alvefur <zash@zash.se> |
| date |
Sat, 03 Jun 2023 21:53:20 +0200 |
| parent |
5403:d7ecf6cd584e |
| rev |
line source |
|
5403
|
1
|
|
|
2 The Prosody project is open to contributions (see HACKERS file), but is
|
|
|
3 maintained daily by:
|
|
94
|
4
|
|
5403
|
5 - Matthew Wild (mail: matthew [at] prosody.im)
|
|
|
6 - Waqas Hussain (mail: waqas [at] prosody.im)
|
|
|
7 - Kim Alvefur (mail: zash [at] prosody.im)
|
|
|
8
|
|
|
9 You can reach us collectively by email: developers [at] prosody.im
|
|
|
10 or in realtime in the Prosody chatroom: prosody@conference.prosody.im
|
