Changeset

11383:98b7ae7064b2

mod_http: Consider x-forwarded-proto from trusted proxies

Should be better than setting consider_{bosh,websocket}_secure as that may end up causing actually insecure requests to be considered secure. Doing it here, as with IP, should make this apply to all HTTP modules.
author Kim Alvefur <zash@zash.se>
date Thu, 18 Feb 2021 10:00:56 +0100
parents 11382:a0477656258c
children 11384:f9edf26c66fc
files plugins/mod_http.lua
diffstat 1 files changed, 4 insertions(+), 0 deletions(-)
--- a/plugins/mod_http.lua	Thu Feb 18 12:02:11 2021 +0100
+++ b/plugins/mod_http.lua	Thu Feb 18 10:00:56 2021 +0100
@@ -259,6 +259,10 @@
 	if request and is_trusted_proxy(request.conn:ip()) then
 		-- Not included in eg http-error events
 		request.ip = get_ip_from_request(request);
+
+		if not request.secure and request.headers.x_forwarded_proto == "https" then
+			request.secure = true;
+		end
 	end
 	return handlers(event_name, event_data);
 end);
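Review bot: The added condition `request.headers.x_forwarded_proto == "https"` is an exact, case-sensitive match on the whole header value, so a trusted proxy that sends `HTTPS`, or a comma-separated value such as `https, http` when several proxies each append their own, leaves `request.secure` false. That fails closed, which is the safe direction, but consider lower-casing the value and deciding explicitly which list element is authoritative. It would also help to add a comment stating that this relies on the trusted proxy overwriting or stripping any client-supplied X-Forwarded-Proto, because the `is_trusted_proxy(request.conn:ip())` test only vouches for the connecting peer, not for who originally set the header.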