Kim Alvefur <zash@zash.se> [Mon, 04 Apr 2022 18:44:57 +0200] rev 12454
core.modulemanager: Fix global flag on per-host instances of shared modules (fix #1736)
This flag is something of a shortcut for `module.host == "*"` and should
always be equal to that. Its absence on the proxy object made the
property of the global module instance visible, causing problems such as
with URL reporting in mod_http
Matthew Wild <mwild1@gmail.com> [Sun, 03 Apr 2022 12:57:11 +0100] rev 12453
Merge 0.12->trunk
Matthew Wild <mwild1@gmail.com> [Sun, 03 Apr 2022 12:56:11 +0100] rev 12452
configmanager: Clearer errors when providing unexpected values after VirtualHost (fixes #1735, thanks arawaks)
Kim Alvefur <zash@zash.se> [Sat, 02 Apr 2022 16:39:29 +0200] rev 12451
Merge 0.12->trunk
Kim Alvefur <zash@zash.se> [Sat, 02 Apr 2022 16:33:27 +0200] rev 12450
util.random: Test whether util.crand works before using it (fix #1734)
util.crand can be configured at compile time to use the Linux
getrandom() system call, available from Linux 3.17, but it is still
possible to load it with an older kernel lacking that system call, where
attempting to use it throws an ENOSYS error.
By testing for this on load we can fall back to /dev/urandom in this
case.
Matthew Wild <mwild1@gmail.com> [Mon, 28 Mar 2022 14:53:46 +0100] rev 12449
Merge 0.12->trunk
Matthew Wild <mwild1@gmail.com> [Mon, 28 Mar 2022 14:53:24 +0100] rev 12448
mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)
The same-origin policy enforced by browsers is a security measure that should
only be turned off when it is safe to do so. It is safe to do so in Prosody's
default modules, but people may load third-party modules that are unsafe.
Therefore we have flipped the default, so that modules must explicitly opt in
to having CORS headers added on their requests.
Matthew Wild <mwild1@gmail.com> [Mon, 28 Mar 2022 14:40:21 +0100] rev 12447
mod_http: Reintroduce support for disabling or limiting CORS (fixes #1730)
This is far better than pre-0.12, because we now have a universal way to
configure and enable/disable CORS on a per-module basis.
Matthew Wild <mwild1@gmail.com> [Mon, 28 Mar 2022 11:42:16 +0100] rev 12446
Merge 0.12->trunk
Matthew Wild <mwild1@gmail.com> [Mon, 28 Mar 2022 11:41:57 +0100] rev 12445
prosodyctl: check config: Report paths of loaded configuration files (fixed #1729)