prosody
f45a29b32f7a
net/httpserver.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

net/httpserver.lua @ 13127:f45a29b32f7a

mod_http: Make RFC 7239 Forwarded opt-in for now to be safe Supporting both methods at the same time may open to spoofing attacks, whereby a client sends a Forwarded header that is not stripped by a reverse proxy, leading Prosody to use that instead of the X-Forwarded-* headers actually sent by the proxy. By only supporting one at a time, it can be configured to match what the proxy uses. Disabled by default since implementations are sparse and X-Forwarded-* are everywhere.
author Kim Alvefur <zash@zash.se>
date Sat, 03 Jun 2023 21:53:20 +0200
parent 12974:ba409c67353b
line wrap: on
line source

-- COMPAT w/pre-0.9
local log = require "prosody.util.logger".init("net.httpserver");
local traceback = debug.traceback;

local _ENV = nil;
-- luacheck: std none

local function fail()
	log("error", "Attempt to use legacy HTTP API. For more info see https://prosody.im/doc/developers/legacy_http");
	log("error", "Legacy HTTP API usage, %s", traceback("", 2));
end

return {
	new = fail;
	new_from_config = fail;
	set_default_handler = fail;
};