Software / code / prosody
Diff
plugins/mod_http.lua @ 11408:1b6298e7b550
Merge 0.11->trunk
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 27 Feb 2021 21:07:36 +0100 |
| parent | 11400:19a59cb7311e |
| parent | 11407:8d6e013377fa |
| child | 11409:d30c44a829c1 |
line wrap: on
line diff
--- a/plugins/mod_http.lua Fri Feb 26 00:20:24 2021 +0100 +++ b/plugins/mod_http.lua Sat Feb 27 21:07:36 2021 +0100 @@ -262,7 +262,7 @@ local function get_ip_from_request(request) local ip = request.conn:ip(); local forwarded_for = request.headers.x_forwarded_for; - if forwarded_for then + if forwarded_for and is_trusted_proxy(ip) then -- luacheck: ignore 631 -- This logic looks weird at first, but it makes sense. -- The for loop will take the last non-trusted-proxy IP from `forwarded_for`. @@ -283,11 +283,11 @@ module:wrap_object_event(server._events, false, function (handlers, event_name, event_data) local request = event_data.request; - if request and is_trusted_proxy(request.conn:ip()) then + if request then -- Not included in eg http-error events request.ip = get_ip_from_request(request); - if not request.secure and request.headers.x_forwarded_proto == "https" then + if not request.secure and request.headers.x_forwarded_proto == "https" and is_trusted_proxy(request.conn:ip()) then request.secure = true; end end
