prosody
f45a29b32f7a
spec/scansion/muc_nickname_robotface.scs
Software / code / prosody
File
spec/scansion/muc_nickname_robotface.scs @ 13127:f45a29b32f7a
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Supporting both methods at the same time may open to spoofing attacks,
whereby a client sends a Forwarded header that is not stripped by a
reverse proxy, leading Prosody to use that instead of the X-Forwarded-*
headers actually sent by the proxy.
By only supporting one at a time, it can be configured to match what the
proxy uses.
Disabled by default since implementations are sparse and X-Forwarded-*
are everywhere.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 03 Jun 2023 21:53:20 +0200 |
| parent | 11411:f1fe37916501 |
line wrap: on
line source
# MUC: Prevent nicknames failing strict resourceprep [Client] Romeo jid: user@localhost password: password [Client] Roboteo jid: bot@localhost password: password ----- Romeo connects Romeo sends: <presence to="nobots@conference.localhost/Romeo"> <x xmlns="http://jabber.org/protocol/muc"/> </presence> Romeo receives: <presence from='nobots@conference.localhost/Romeo'> <x xmlns='http://jabber.org/protocol/muc#user'> <status code='201'/> <item jid="${Romeo's full JID}" affiliation='owner' role='moderator'/> <status code='110'/> </x> </presence> Romeo receives: <message type='groupchat' from='nobots@conference.localhost'><subject/></message> Roboteo connects Roboteo sends: <presence to="nobots@conference.localhost/🤖️"> <x xmlns="http://jabber.org/protocol/muc"/> </presence> Roboteo receives: <presence type='error' from='nobots@conference.localhost/🤖'> <error by='nobots@conference.localhost' type='modify'> <jid-malformed xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/> <text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Nickname must pass strict validation</text> </error> </presence>
