mod_strict_https: Add way to disable redirect
Since Prosody 0.12+ does not listen on unencrypted http anymore, this is
likely to cause trouble. Especially since the URL construction is
problematic and awkward.
--- a/mod_strict_https/README.markdown Wed May 03 10:54:15 2023 +0200
+++ b/mod_strict_https/README.markdown Wed May 03 10:55:22 2023 +0200
@@ -21,6 +21,13 @@
hsts_header = "max-age=31556952"
```
+If the redirect from `http://` to `https://` causes trouble with
+internal use of HTTP APIs it can be disabled:
+
+``` lua
+hsts_redirect = false
+```
+
# Compatibility
------- -------------
--- a/mod_strict_https/mod_strict_https.lua Wed May 03 10:54:15 2023 +0200
+++ b/mod_strict_https/mod_strict_https.lua Wed May 03 10:55:22 2023 +0200
@@ -6,13 +6,14 @@
local http_server = require "net.http.server";
local hsts_header = module:get_option_string("hsts_header", "max-age=31556952"); -- This means "Don't even try to access without HTTPS for a year"
+local redirect = module:get_option_boolean("hsts_redirect", true);
module:wrap_object_event(http_server._events, false, function(handlers, event_name, event_data)
local request, response = event_data.request, event_data.response;
if request and response then
if request.secure then
response.headers.strict_transport_security = hsts_header;
- else
+ elseif redirect then
-- This won't get the port number right
response.headers.location = "https://" .. request.host .. request.path .. (request.query and "?" .. request.query or "");
return 301;