Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_bosh: Include warning if endpoint accessed insecurely (#1172)
authorKim Alvefur <zash@zash.se>
Sun, 21 Feb 2021 06:18:22 +0100
changeset 11396 a76493b75dec
parent 11395 8eff5c744395
child 11397 e6122e6a40a0
mod_bosh: Include warning if endpoint accessed insecurely (#1172) This is to make it obvious if a misconfigured a proxy or the request really is insecure. Perhaps it should also check c2s_require_encryption?
plugins/mod_bosh.lua file | annotate | diff | comparison | revisions 
--- a/plugins/mod_bosh.lua	Sun Feb 21 06:17:40 2021 +0100
+++ b/plugins/mod_bosh.lua	Sun Feb 21 06:18:22 2021 +0100
@@ -536,6 +536,7 @@
 		---
 		title = "Prosody BOSH endpoint";
 		message = "It works! Now point your BOSH client to this URL to connect to Prosody.";
+		warning = not (consider_bosh_secure or event.request.secure) and "This endpoint is not considered secure!" or nil;
 		-- <p>For more information see <a href="https://prosody.im/doc/setting_up_bosh">Prosody: Setting up BOSH</a>.</p>
 	}) or "This is the Prosody BOSH endpoint.";
 end
prosody