Software / code / prosody
Changeset
11392:a76493b75dec
mod_bosh: Include warning if endpoint accessed insecurely (#1172)
This is to make it obvious if a misconfigured a proxy or the request
really is insecure.
Perhaps it should also check c2s_require_encryption?
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 21 Feb 2021 06:18:22 +0100 |
| parents | 11391:8eff5c744395 |
| children | 11393:e6122e6a40a0 |
| files | plugins/mod_bosh.lua |
| diffstat | 1 files changed, 1 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_bosh.lua Sun Feb 21 06:17:40 2021 +0100 +++ b/plugins/mod_bosh.lua Sun Feb 21 06:18:22 2021 +0100 @@ -536,6 +536,7 @@ --- title = "Prosody BOSH endpoint"; message = "It works! Now point your BOSH client to this URL to connect to Prosody."; + warning = not (consider_bosh_secure or event.request.secure) and "This endpoint is not considered secure!" or nil; -- <p>For more information see <a href="https://prosody.im/doc/setting_up_bosh">Prosody: Setting up BOSH</a>.</p> }) or "This is the Prosody BOSH endpoint."; end
