misc/lnav: Add a README with installation instructions

misc/lnav: Fix delimiting of timestamp in pattern The string with the timestamp format in core.loggingmanager does end with a space, so having the exact same string here is nice, but the pattern did not reflect this.

misc/lnav: Fix timestamp-format to be an array as per schema

mod_http_oauth2: Create proper template for OOB code delivery This also improves security by reusing the security and cache headers, where mod_http_errors/http-message doesn't add such headers. Colors selected by taking rotating the error colors, rrggbb -> ggbbrr

mod_http_oauth2: Add an example of client registration

mod_http_oauth2: Document client registration requirements Because they go a bit further than the basics in the RFC

mod_http_debug: Handle any path under /debug/* as well Sometimes things encode useful info in paths. Could also help if you add path components in a reverse proxy.

mod_http_debug: Log some extended info about requests If you point something external at this module, you don't get the response body back, hence it can be useful to see some details in the log as well.

mod_http_debug: Handle more HTTP methods Often you might want to see what POST data was sent, or such.

mod_http_debug: Add a brief README

mod_rest/example: Include 'application_type' in registration It defaults to "web", which in turn mandates https: redirect URIs, which would not work with this example using the OOB URI.

mod_s2sout_override: Add support for Direct TLS Well that was easy

mod_s2sout_override: New module for overriding s2s connections This takes advantage of the new event added in Prosody rev d5f322dd424b which enables a cleaner way to override the connection using a resolver.

mod_pubsub_alertmanager: Support for per-path config overrides

mod_muc_moderation: Point to new Conversations issue tracker

mod_invites_adhoc: Fall back to generic allow_user_invites for role-less users Fixes #1752 Backport of Prosody rev dc0c20753d6c

mod_invites{,_adhoc,_register}: Recommend using version included with prosody Thanks gooya

mod_welcome_page: Remove dependency on mod_invites (included with Prosody) Thanks gooya

mod_http_oauth2: Allow CORS for browser clients Needed for web clients to reach i.e. the token endpoint.

mod_http_oauth2: Disable Referrer via header Prevents the various parameters from potentially ending up in logs, as well as reduces the size of requests.

mod_http_oauth2: Always render errors as HTML for OOB redirect URI No invalid or insecure redirect URIs should make it to this point, so the warning can be removed.

mod_http_oauth2: Use validated redirect URI when returning errors to client Parsing it from the query again without the validation done by get_redirect_uri() may lead to open redirect issues.

mod_http_oauth2: Return OAuth error for authz code store error

mod_http_oauth2: Validate redirect_uri before using it for error redirects To be extra sure that it is safe to use in redirects from this point on.

mod_http_oauth2: Don't return redirects or HTML from token endpoint These are used by the client, not the user, so makes more sense to return JSON directly instead of a redirect or HTML error page when .

mod_http_oauth2: Tweak formatting of log message No need to `or ""` anymore since Prosody rev e88db5668cfb (0.11.0) and the %q format should produce either (nil) or "http://example"

mod_http_oauth2: Always show early errors to user Before having validated the client_id, communicating an error back to the client via redirect would make this an open redirect, so we may just as well skip past that logic, and especially the warning log message.

mod_http_oauth2: Clarify some error messages

mod_http_oauth2: Use error status code when rendering error page Shouldn't include a 200 OK status code when showing an error.

mod_http_oauth2: Add human-readable error messages