File

mod_http: Limit unencrypted http port (5280) to loopback by default Since accessing this port directly over the wider Internet is unlikely to intentional anymore. Most uses will likely be by reverse proxies, by mistake or because of trouble configuring HTTPS. Blocking mistaken uses is just a good thing, letting users send potentially private things unencrypted tends to be Strongly Discouraged these days. Many reverse proxy setups operate over loopback, so listening there instead of all interfaces is a net improvement. Improved automatic certificate location and SNI support has mostly eliminated the need for manual certificate configuration so HTTPS should Just Work once certificates have been provided. For local testing during development, connecting over loopback is likely fine as well. When really needed, `http_interfaces` can still be set. Suggested by Link Mauve

local st = require "util.stanza";
local muc_util = module:require "muc/util";

local xmlns_hats = "xmpp:prosody.im/protocol/hats:1";

-- Strip any hats claimed by the client (to prevent spoofing)
muc_util.add_filtered_namespace(xmlns_hats);


module:hook("muc-build-occupant-presence", function (event)
	local bare_jid = event.occupant and event.occupant.bare_jid or event.bare_jid;
	local aff_data = event.room:get_affiliation_data(bare_jid);
	local hats = aff_data and aff_data.hats;
	if not hats then return; end
	local hats_el;
	for hat_id, hat_data in pairs(hats) do
		if hat_data.active then
			if not hats_el then
				hats_el = st.stanza("hats", { xmlns = xmlns_hats });
			end
			hats_el:tag("hat", { uri = hat_id, title = hat_data.title }):up();
		end
	end
	if not hats_el then return; end
	event.stanza:add_direct_child(hats_el);
end);