mod_strict_https/mod_strict_https.lua
author aidan@jmad.org
Thu, 15 Feb 2024 09:20:50 -0800
changeset 5843 fba64b043c52
parent 5419 f8797e3284ff
permissions -rw-r--r--
mod_http_upload_external: Fix typo in access documentation.
-- HTTP Strict Transport Security
-- https://www.rfc-editor.org/info/rfc6797
-- Load this module once for the whole server rather than per host
-- (NOTE(review): relies on the usual meaning of module:set_global() - confirm).
module:set_global();

local http_server = require("net.http.server");

-- Value used for the Strict-Transport-Security response header.
-- The default, max-age=31556952 seconds (365.2425 days), means
-- "Don't even try to access without HTTPS for a year".
-- The default carries no includeSubDomains directive, so subdomains are only
-- covered if the operator adds it through the "hsts_header" option.
-- The configured string is not validated here; RFC 6797 requires a max-age
-- directive, so a custom value should keep one.
local hsts_header = module:get_option_string("hsts_header", "max-age=31556952");

-- When true (the default), requests that did not arrive over TLS are answered
-- with a redirect to the https:// form of the URL. Setting "hsts_redirect" to
-- false leaves plain HTTP requests to the normal handlers.
local redirect = module:get_option_boolean("hsts_redirect", true);
-- Wrap every event fired on the HTTP server's event object (event name `false`
-- selects the catch-all wrapper) so that HSTS handling runs before the regular
-- handlers.
--
--  * Secure request: the configured policy is attached to the response, then
--    the normal handlers run.
--  * Insecure request with redirecting enabled: the handlers are skipped and
--    a 301 to the https:// URL is returned. The HSTS header is deliberately
--    not set on this branch; RFC 6797 section 7.2 forbids sending it over
--    non-secure transport.
--  * Anything else (no request/response pair, or redirecting disabled): the
--    event is passed through untouched.
module:wrap_object_event(http_server._events, false, function(handlers, event_name, event_data)
	local request, response = event_data.request, event_data.response;

	-- Events that do not carry both objects are none of our business.
	if not (request and response) then
		return handlers(event_name, event_data);
	end

	if request.secure then
		response.headers.strict_transport_security = hsts_header;
	elseif redirect then
		local query_suffix = request.query and "?" .. request.query or "";
		-- This won't get the port number right: no HTTPS port is added here.
		-- NOTE(review): the target is assembled from request.host, which
		-- presumably reflects the client-supplied Host header - confirm how the
		-- HTTP server populates it, and whether a shared cache in front of this
		-- listener could store the resulting redirect.
		-- A nil request.host or request.path raises on concatenation.
		response.headers.location = "https://" .. request.host .. request.path .. query_suffix;
		-- 301 is a permanent redirect and may be cached by clients.
		return 301;
	end

	return handlers(event_name, event_data);
end);