Software / code / prosody
Annotate
HACKERS @ 13127:f45a29b32f7a
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Supporting both methods at the same time may open to spoofing attacks,
whereby a client sends a Forwarded header that is not stripped by a
reverse proxy, leading Prosody to use that instead of the X-Forwarded-*
headers actually sent by the proxy.
By only supporting one at a time, it can be configured to match what the
proxy uses.
Disabled by default since implementations are sparse and X-Forwarded-*
are everywhere.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 03 Jun 2023 21:53:20 +0200 |
| parent | 9858:54147de1d1b1 |
| rev | line source |
|---|---|
| 13 | 1 Welcome hackers! |
| 2 | |
| 1082 | 3 This project accepts and *encourages* contributions. If you would like to get |
| 4 involved you can join us on our mailing list and discussion rooms. More | |
|
7359
a5a080c12c96
Update every link to the documentation to use HTTPS
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
2664
diff
changeset
|
5 information on these at https://prosody.im/discuss |
| 13 | 6 |
| 1082 | 7 Patches are welcome, though before sending we would appreciate if you read |
|
9858
54147de1d1b1
doc/coding_style.{txt,md}: Update coding style guide
Matthew Wild <mwild1@gmail.com>
parents:
7359
diff
changeset
|
8 docs/coding_style.md for guidelines on how to format your code, and other tips. |
| 2664 | 9 |
|
7359
a5a080c12c96
Update every link to the documentation to use HTTPS
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
2664
diff
changeset
|
10 Documentation for developers can be found at https://prosody.im/doc/developers |
| 2664 | 11 |
| 12 Have fun :) |
