Mercurial > prosody-modules
comparison mod_strict_https/mod_strict_https.lua @ 5650:0eb2d5ea2428
merge
| author | Stephen Paul Weber <singpolyma@singpolyma.net> |
|---|---|
| date | Sat, 06 May 2023 19:40:23 -0500 |
| parents | f8797e3284ff |
| children |
comparison
equal
deleted
inserted
replaced
| 5649:2c69577b28c2 | 5650:0eb2d5ea2428 |
|---|---|
| 1 -- HTTP Strict Transport Security | 1 -- HTTP Strict Transport Security |
| 2 -- https://tools.ietf.org/html/rfc6797 | 2 -- https://www.rfc-editor.org/info/rfc6797 |
| 3 | 3 |
| 4 module:set_global(); | 4 module:set_global(); |
| 5 | 5 |
| 6 local http_server = require "net.http.server"; | 6 local http_server = require "net.http.server"; |
| 7 | 7 |
| 8 local hsts_header = module:get_option_string("hsts_header", "max-age=31556952"); -- This means "Don't even try to access without HTTPS for a year" | 8 local hsts_header = module:get_option_string("hsts_header", "max-age=31556952"); -- This means "Don't even try to access without HTTPS for a year" |
| 9 local redirect = module:get_option_boolean("hsts_redirect", true); | |
| 9 | 10 |
| 10 local _old_send_response; | 11 module:wrap_object_event(http_server._events, false, function(handlers, event_name, event_data) |
| 11 local _old_fire_event; | 12 local request, response = event_data.request, event_data.response; |
| 12 | 13 if request and response then |
| 13 local modules = {}; | 14 if request.secure then |
| 14 | 15 response.headers.strict_transport_security = hsts_header; |
| 15 function module.load() | 16 elseif redirect then |
| 16 _old_send_response = http_server.send_response; | 17 -- This won't get the port number right |
| 17 function http_server.send_response(response, body) | 18 response.headers.location = "https://" .. request.host .. request.path .. (request.query and "?" .. request.query or ""); |
| 18 response.headers.strict_transport_security = hsts_header; | |
| 19 return _old_send_response(response, body); | |
| 20 end | |
| 21 | |
| 22 _old_fire_event = http_server._events.fire_event; | |
| 23 function http_server._events.fire_event(event, payload) | |
| 24 local request = payload.request; | |
| 25 local host = event:match("^[A-Z]+ ([^/]+)"); | |
| 26 local module = modules[host]; | |
| 27 if module and not request.secure then | |
| 28 payload.response.headers.location = module:http_url(request.path); | |
| 29 return 301; | 19 return 301; |
| 30 end | 20 end |
| 31 return _old_fire_event(event, payload); | |
| 32 end | 21 end |
| 33 end | 22 return handlers(event_name, event_data); |
| 34 function module.unload() | 23 end); |
| 35 http_server.send_response = _old_send_response; | |
| 36 http_server._events.fire_event = _old_fire_event; | |
| 37 end | |
| 38 function module.add_host(module) | |
| 39 local http_host = module:get_option_string("http_host", module.host); | |
| 40 modules[http_host] = module; | |
| 41 function module.unload() | |
| 42 modules[http_host] = nil; | |
| 43 end | |
| 44 end |
