prosody
f45a29b32f7a
spec/scansion/presence_preapproval.scs
Software / code / prosody
File
spec/scansion/presence_preapproval.scs @ 13127:f45a29b32f7a
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Supporting both methods at the same time may open to spoofing attacks,
whereby a client sends a Forwarded header that is not stripped by a
reverse proxy, leading Prosody to use that instead of the X-Forwarded-*
headers actually sent by the proxy.
By only supporting one at a time, it can be configured to match what the
proxy uses.
Disabled by default since implementations are sparse and X-Forwarded-*
are everywhere.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 03 Jun 2023 21:53:20 +0200 |
| parent | 10515:35bf3b80480f |
line wrap: on
line source
# server supports contact subscription pre-approval (RFC 6121 3.4) [Client] Alice jid: preappove-a@localhost password: password [Client] Bob jid: preapprove-b@localhost password: password --------- Alice connects Alice sends: <presence/> Alice receives: <presence/> Alice sends: <presence to="${Bob's JID}" type="subscribed"/> Bob connects Bob sends: <iq type="get" id="roster1"> <query xmlns="jabber:iq:roster"/> </iq> Bob receives: <iq type="result" id="roster1"> <query xmlns="jabber:iq:roster" ver="{scansion:any}"> </query> </iq> Bob sends: <presence/> Bob receives: <presence from="${Bob's full JID}"/> Bob sends: <presence to="${Alice's JID}" type="subscribe" /> Bob receives: <iq type='set' id='{scansion:any}'> <query ver='1' xmlns='jabber:iq:roster'> <item jid="${Alice's JID}" subscription='none' ask='subscribe' /> </query> </iq> Bob receives: <presence from="${Alice's JID}" type="subscribed" /> Bob disconnects Alice sends: <iq type="get" id="roster1"> <query xmlns="jabber:iq:roster"/> </iq> Alice receives: <iq type="result" id="roster1"> <query xmlns="jabber:iq:roster" ver="{scansion:any}"> <item jid="${Bob's JID}" subscription="from" /> </query> </iq> Alice disconnects Bob disconnects
