prosody-modules: mod_strict_https/mod_strict_https.lua@62480053c87b (annotated)

861 1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	1	-- HTTP Strict Transport Security
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	2	-- https://tools.ietf.org/html/rfc6797
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	3
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	4	module:set_global();
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	5
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	6	local http_server = require "net.http.server";
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	7
863 efa9c1676d1f mod_strict_https: Correct underscore to hypen in max-age directive Kim Alvefur <zash@zash.se> parents: 861 diff changeset	8	local hsts_header = module:get_option_string("hsts_header", "max-age=31556952"); -- This means "Don't even try to access without HTTPS for a year"
861 1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	9
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	10	local _old_send_response;
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	11	local _old_fire_event;
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	12
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	13	local modules = {};
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	14
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	15	function module.load()
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	16	_old_send_response = http_server.send_response;
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	17	function http_server.send_response(response, body)
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	18	response.headers.strict_transport_security = hsts_header;
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	19	return _old_send_response(response, body);
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	20	end
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	21
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	22	_old_fire_event = http_server._events.fire_event;
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	23	function http_server._events.fire_event(event, payload)
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	24	local request = payload.request;
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	25	local host = event:match("^[A-Z]+ ([^/]+)");
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	26	local module = modules[host];
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	27	if module and not request.secure then
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	28	payload.response.headers.location = module:http_url(request.path);
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	29	return 301;
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	30	end
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	31	return _old_fire_event(event, payload);
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	32	end
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	33	end
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	34	function module.unload()
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	35	http_server.send_response = _old_send_response;
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	36	http_server._events.fire_event = _old_fire_event;
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	37	end
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	38	function module.add_host(module)
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	39	local http_host = module:get_option_string("http_host", module.host);
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	40	modules[http_host] = module;
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	41	function module.unload()
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	42	modules[http_host] = nil;
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	43	end
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security Kim Alvefur <zash@zash.se> parents: diff changeset	44	end

author	Matthew Wild <mwild1@gmail.com>
	Fri, 23 Sep 2022 22:41:15 +0100
changeset 5058	62480053c87b
parent 863	efa9c1676d1f
child 1593	3e4d15ae2133
child 5415	b3158647cb36
permissions	-rw-r--r--