mod_strict_https: Update to use modern APIs instead of monkey patching
Updates one of the least recently updated modules :)
Mapping HTTP Host to Prosody host remains awkward.
--- a/mod_strict_https/mod_strict_https.lua Tue May 02 19:06:17 2023 +0200
+++ b/mod_strict_https/mod_strict_https.lua Wed May 03 10:16:15 2023 +0200
@@ -1,5 +1,5 @@
-- HTTP Strict Transport Security
--- https://tools.ietf.org/html/rfc6797
+-- https://www.rfc-editor.org/info/rfc6797
module:set_global();
@@ -7,38 +7,16 @@
local hsts_header = module:get_option_string("hsts_header", "max-age=31556952"); -- This means "Don't even try to access without HTTPS for a year"
-local _old_send_response;
-local _old_fire_event;
-
-local modules = {};
-
-function module.load()
- _old_send_response = http_server.send_response;
- function http_server.send_response(response, body)
- response.headers.strict_transport_security = hsts_header;
- return _old_send_response(response, body);
- end
-
- _old_fire_event = http_server._events.fire_event;
- function http_server._events.fire_event(event, payload)
- local request = payload.request;
- local host = event:match("^[A-Z]+ ([^/]+)");
- local module = modules[host];
- if module and not request.secure then
- payload.response.headers.location = module:http_url(request.path);
+module:wrap_object_event(http_server._events, false, function(handlers, event_name, event_data)
+ local request, response = event_data.request, event_data.response;
+ if request and response then
+ if request.secure then
+ response.headers.strict_transport_security = hsts_header;
+ else
+ -- This won't get the port number right
+ response.headers.location = "https://" .. request.host .. request.path .. (request.query and "?" .. request.query or "");
return 301;
end
- return _old_fire_event(event, payload);
end
-end
-function module.unload()
- http_server.send_response = _old_send_response;
- http_server._events.fire_event = _old_fire_event;
-end
-function module.add_host(module)
- local http_host = module:get_option_string("http_host", module.host);
- modules[http_host] = module;
- function module.unload()
- modules[http_host] = nil;
- end
-end
+ return handlers(event_name, event_data);
+end);