Kim Alvefur <zash@zash.se> [Wed, 31 May 2023 19:31:45 +0200] rev 5502
misc/lnav: Add a README with installation instructions
Kim Alvefur <zash@zash.se> [Wed, 31 May 2023 18:04:30 +0200] rev 5501
misc/lnav: Fix delimiting of timestamp in pattern
The string with the timestamp format in core.loggingmanager does end
with a space, so having the exact same string here is nice, but the
pattern did not reflect this.
Kim Alvefur <zash@zash.se> [Wed, 31 May 2023 17:59:56 +0200] rev 5500
misc/lnav: Fix timestamp-format to be an array as per schema
Kim Alvefur <zash@zash.se> [Wed, 31 May 2023 03:44:04 +0200] rev 5499
mod_http_oauth2: Create proper template for OOB code delivery
This also improves security by reusing the security and cache headers,
where mod_http_errors/http-message doesn't add such headers.
Colors selected by taking rotating the error colors, rrggbb -> ggbbrr
Kim Alvefur <zash@zash.se> [Fri, 26 May 2023 15:49:39 +0200] rev 5498
mod_http_oauth2: Add an example of client registration
Kim Alvefur <zash@zash.se> [Fri, 26 May 2023 15:48:02 +0200] rev 5497
mod_http_oauth2: Document client registration requirements
Because they go a bit further than the basics in the RFC
Kim Alvefur <zash@zash.se> [Fri, 26 May 2023 15:38:38 +0200] rev 5496
mod_http_debug: Handle any path under /debug/* as well
Sometimes things encode useful info in paths. Could also help if you add
path components in a reverse proxy.
Kim Alvefur <zash@zash.se> [Fri, 26 May 2023 15:37:15 +0200] rev 5495
mod_http_debug: Log some extended info about requests
If you point something external at this module, you don't get the
response body back, hence it can be useful to see some details in the
log as well.
Kim Alvefur <zash@zash.se> [Fri, 26 May 2023 15:36:04 +0200] rev 5494
mod_http_debug: Handle more HTTP methods
Often you might want to see what POST data was sent, or such.
Kim Alvefur <zash@zash.se> [Fri, 26 May 2023 15:20:04 +0200] rev 5493
mod_http_debug: Add a brief README
Kim Alvefur <zash@zash.se> [Fri, 26 May 2023 14:32:59 +0200] rev 5492
mod_rest/example: Include 'application_type' in registration
It defaults to "web", which in turn mandates https: redirect URIs, which
would not work with this example using the OOB URI.
Kim Alvefur <zash@zash.se> [Wed, 24 May 2023 16:34:35 +0200] rev 5491
mod_s2sout_override: Add support for Direct TLS
Well that was easy
Kim Alvefur <zash@zash.se> [Wed, 24 May 2023 15:56:26 +0200] rev 5490
mod_s2sout_override: New module for overriding s2s connections
This takes advantage of the new event added in Prosody rev d5f322dd424b
which enables a cleaner way to override the connection using a resolver.
Matthew Wild <mwild1@gmail.com> [Tue, 23 May 2023 19:40:38 +0100] rev 5489
mod_pubsub_alertmanager: Support for per-path config overrides
Kim Alvefur <zash@zash.se> [Thu, 18 May 2023 21:11:13 +0200] rev 5488
mod_muc_moderation: Point to new Conversations issue tracker
Matthew Wild <mwild1@gmail.com> [Thu, 18 May 2023 18:15:50 +0200] rev 5487
mod_invites_adhoc: Fall back to generic allow_user_invites for role-less users
Fixes #1752
Backport of Prosody rev dc0c20753d6c
Kim Alvefur <zash@zash.se> [Thu, 18 May 2023 18:08:40 +0200] rev 5486
mod_invites{,_adhoc,_register}: Recommend using version included with prosody
Thanks gooya
Kim Alvefur <zash@zash.se> [Thu, 18 May 2023 17:56:10 +0200] rev 5485
mod_welcome_page: Remove dependency on mod_invites (included with Prosody)
Thanks gooya
Kim Alvefur <zash@zash.se> [Thu, 18 May 2023 14:51:48 +0200] rev 5484
mod_http_oauth2: Allow CORS for browser clients
Needed for web clients to reach i.e. the token endpoint.
Kim Alvefur <zash@zash.se> [Thu, 18 May 2023 14:47:54 +0200] rev 5483
mod_http_oauth2: Disable Referrer via header
Prevents the various parameters from potentially ending up in logs, as
well as reduces the size of requests.
Kim Alvefur <zash@zash.se> [Thu, 18 May 2023 14:25:11 +0200] rev 5482
mod_http_oauth2: Always render errors as HTML for OOB redirect URI
No invalid or insecure redirect URIs should make it to this point, so
the warning can be removed.
Kim Alvefur <zash@zash.se> [Thu, 18 May 2023 14:17:58 +0200] rev 5481
mod_http_oauth2: Use validated redirect URI when returning errors to client
Parsing it from the query again without the validation done by
get_redirect_uri() may lead to open redirect issues.
Kim Alvefur <zash@zash.se> [Thu, 18 May 2023 14:07:37 +0200] rev 5480
mod_http_oauth2: Return OAuth error for authz code store error
Kim Alvefur <zash@zash.se> [Thu, 18 May 2023 14:02:09 +0200] rev 5479
mod_http_oauth2: Validate redirect_uri before using it for error redirects
To be extra sure that it is safe to use in redirects from this point on.
Kim Alvefur <zash@zash.se> [Thu, 18 May 2023 13:41:23 +0200] rev 5478
mod_http_oauth2: Don't return redirects or HTML from token endpoint
These are used by the client, not the user, so makes more sense to
return JSON directly instead of a redirect or HTML error page when .
Kim Alvefur <zash@zash.se> [Thu, 18 May 2023 13:27:27 +0200] rev 5477
mod_http_oauth2: Tweak formatting of log message
No need to `or ""` anymore since Prosody rev e88db5668cfb (0.11.0) and
the %q format should produce either (nil) or "http://example"
Kim Alvefur <zash@zash.se> [Thu, 18 May 2023 13:43:17 +0200] rev 5476
mod_http_oauth2: Always show early errors to user
Before having validated the client_id, communicating an error back to
the client via redirect would make this an open redirect, so we may just
as well skip past that logic, and especially the warning log message.
Kim Alvefur <zash@zash.se> [Thu, 18 May 2023 13:24:18 +0200] rev 5475
mod_http_oauth2: Clarify some error messages
Kim Alvefur <zash@zash.se> [Thu, 18 May 2023 13:19:25 +0200] rev 5474
mod_http_oauth2: Use error status code when rendering error page
Shouldn't include a 200 OK status code when showing an error.
Kim Alvefur <zash@zash.se> [Thu, 18 May 2023 13:03:09 +0200] rev 5473
mod_http_oauth2: Add human-readable error messages