mod_strict_https/mod_strict_https.lua
author Kim Alvefur <zash@zash.se>
Thu, 18 May 2023 12:57:23 +0200
changeset 5472 14b5446e22e1
parent 5419 f8797e3284ff
permissions -rw-r--r--
mod_http_oauth2: Fix returning errors from response handlers This would either redirect the user back to the client along with the error code, or show the error HTML template. Previously this would just show some JSON to the user.
-- HTTP Strict Transport Security
-- https://www.rfc-editor.org/info/rfc6797

-- Prosody module API call. NOTE(review): presumably makes this a single
-- server-wide module rather than a per-host one; confirm against the module API.
module:set_global();

local http_server = require("net.http.server");

-- Value assigned to response.headers.strict_transport_security on secure
-- requests. The default max-age of 31556952 seconds is 365.2425 days, i.e.
-- "Don't even try to access without HTTPS for a year". Operators can override
-- it through the "hsts_header" option (for example to add includeSubDomains).
local hsts_header = module:get_option_string(
	"hsts_header",
	"max-age=31556952"
);

-- "hsts_redirect" option, default true: answer plain-HTTP requests with a
-- redirect to the https:// form of the same URL instead of serving them.
local redirect = module:get_option_boolean(
	"hsts_redirect",
	true
);

-- Wrap the HTTP server's event dispatch so the HSTS policy is applied before
-- the wrapped handlers run. NOTE(review): the `false` event name presumably
-- selects every event on the object; confirm against the module API.
module:wrap_object_event(http_server._events, false, function(handlers, event_name, event_data)
	local request = event_data.request;
	local response = event_data.response;

	-- Events that do not carry both a request and a response are passed on untouched.
	if not (request and response) then
		return handlers(event_name, event_data);
	end

	if request.secure then
		-- The policy header is attached only on secure requests; RFC 6797
		-- (section 7.2) forbids sending it over non-secure transport.
		response.headers.strict_transport_security = hsts_header;
		return handlers(event_name, event_data);
	end

	if not redirect then
		-- hsts_redirect is false: the plain-HTTP request reaches the normal
		-- handlers as-is, without any HSTS header.
		return handlers(event_name, event_data);
	end

	local query_suffix = "";
	if request.query then
		query_suffix = "?" .. request.query;
	end

	-- This won't get the port number right: the rebuilt URL carries no port,
	-- so an HTTPS listener on a non-default port is not reached.
	-- NOTE(review): request.host presumably comes from the client's Host
	-- header; confirm it is always set and validated before this point, since
	-- a nil value raises on concatenation and the value is echoed into a
	-- cacheable 301.
	response.headers.location = "https://" .. request.host .. request.path .. query_suffix;
	return 301;
end);