annotate mod_strict_https/mod_strict_https.lua @ 6319:04c3273cb81f

mod_auth_cyrus: Add empty 'profile' table to SASL handler objects This is for compatibility with Prosody's built-in util.sasl objects. A SASL profile table usually includes methods supported by the backend, which can be used by SASL mechanism handlers to perform operations (such as testing the password). It also optionally contains a 'cb' field with channel binding method handlers. The Cyrus backend doesn't support channel binding, and doesn't have the same concept of auth backend methods (it handles all that internally, and Prosody has no insight or control over it). Thus, we create an empty profile which informs Prosody that the SASL handler does not support any of the auth or channel binding methods. Some features will not work, but they didn't work anyway. This just makes it explicit. This fixes a traceback in mod_sasl2_fast, which expected SASL handlers to always contain a 'profile' field.
author Matthew Wild <mwild1@gmail.com>
date Thu, 04 Sep 2025 10:14:46 +0100
parents f8797e3284ff
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
861
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 -- HTTP Strict Transport Security
5411
b3158647cb36 mod_strict_https: Update to use modern APIs instead of monkey patching
Kim Alvefur <zash@zash.se>
parents: 863
diff changeset
2 -- https://www.rfc-editor.org/info/rfc6797
861
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 module:set_global();
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 local http_server = require "net.http.server";
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7
863
efa9c1676d1f mod_strict_https: Correct underscore to hypen in max-age directive
Kim Alvefur <zash@zash.se>
parents: 861
diff changeset
8 local hsts_header = module:get_option_string("hsts_header", "max-age=31556952"); -- This means "Don't even try to access without HTTPS for a year"
5415
f8797e3284ff mod_strict_https: Add way to disable redirect
Kim Alvefur <zash@zash.se>
parents: 5411
diff changeset
9 local redirect = module:get_option_boolean("hsts_redirect", true);
861
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10
5411
b3158647cb36 mod_strict_https: Update to use modern APIs instead of monkey patching
Kim Alvefur <zash@zash.se>
parents: 863
diff changeset
11 module:wrap_object_event(http_server._events, false, function(handlers, event_name, event_data)
b3158647cb36 mod_strict_https: Update to use modern APIs instead of monkey patching
Kim Alvefur <zash@zash.se>
parents: 863
diff changeset
12 local request, response = event_data.request, event_data.response;
b3158647cb36 mod_strict_https: Update to use modern APIs instead of monkey patching
Kim Alvefur <zash@zash.se>
parents: 863
diff changeset
13 if request and response then
b3158647cb36 mod_strict_https: Update to use modern APIs instead of monkey patching
Kim Alvefur <zash@zash.se>
parents: 863
diff changeset
14 if request.secure then
b3158647cb36 mod_strict_https: Update to use modern APIs instead of monkey patching
Kim Alvefur <zash@zash.se>
parents: 863
diff changeset
15 response.headers.strict_transport_security = hsts_header;
5415
f8797e3284ff mod_strict_https: Add way to disable redirect
Kim Alvefur <zash@zash.se>
parents: 5411
diff changeset
16 elseif redirect then
5411
b3158647cb36 mod_strict_https: Update to use modern APIs instead of monkey patching
Kim Alvefur <zash@zash.se>
parents: 863
diff changeset
17 -- This won't get the port number right
b3158647cb36 mod_strict_https: Update to use modern APIs instead of monkey patching
Kim Alvefur <zash@zash.se>
parents: 863
diff changeset
18 response.headers.location = "https://" .. request.host .. request.path .. (request.query and "?" .. request.query or "");
861
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 return 301;
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 end
1b34c8e46ffb mod_strict_https: New module implementing HTTP Strict Transport Security
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 end
5411
b3158647cb36 mod_strict_https: Update to use modern APIs instead of monkey patching
Kim Alvefur <zash@zash.se>
parents: 863
diff changeset
22 return handlers(event_name, event_data);
b3158647cb36 mod_strict_https: Update to use modern APIs instead of monkey patching
Kim Alvefur <zash@zash.se>
parents: 863
diff changeset
23 end);