prosody
f45a29b32f7a
spec/scansion/tombstones.scs
Software / code / prosody
File
spec/scansion/tombstones.scs @ 13127:f45a29b32f7a
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Supporting both methods at the same time may open to spoofing attacks,
whereby a client sends a Forwarded header that is not stripped by a
reverse proxy, leading Prosody to use that instead of the X-Forwarded-*
headers actually sent by the proxy.
By only supporting one at a time, it can be configured to match what the
proxy uses.
Disabled by default since implementations are sparse and X-Forwarded-*
are everywhere.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 03 Jun 2023 21:53:20 +0200 |
| parent | 12116:efcf25ad5406 |
line wrap: on
line source
# Tombstones [Client] Romeo jid: romeo@localhost password: password [Client] Juliet jid: juliet-tombstones@localhost password: password --------- Romeo connects Juliet connects Juliet sends: <iq type="set" id="bye"> <query xmlns="jabber:iq:register"> <remove/> </query> </iq> # Scansion gets disconnected right after this with a stream error makes # scansion itself abort, so we preemptively disconnect to avoid that # Juliet receives: # <iq type="result" id="bye"/> Juliet disconnects Romeo sends: <presence type="probe" to="${Juliet's JID}"/> Romeo receives: <presence type="error" from="${Juliet's JID}"/> Romeo receives: <presence type="unsubscribed" from="${Juliet's JID}"/>
