view mod_secure_interfaces/mod_secure_interfaces.lua @ 6411:b00638d74f46

mod_unified_push: Allow additional CORS headers for unified push (fixes #1985) - Request header "TTL" is mandated by the HTTP Push specification RFC 8030: https://datatracker.ietf.org/doc/html/rfc8030#section-5 - Firefox sends "Content-Encoding" with a HTTP form submission, so it is required when using the Unified Push testing tool at https://unifiedpush.org/test_wp.html (with the full URL being delivered by the UP-Example Android app) Adding both headers makes the Unified Push testing tool work from the browser. Resolves: https://issues.prosody.im/1985
author Christian Weiske <cweiske@cweiske.de>
date Sat, 21 Feb 2026 19:13:08 +0100
parents 6c806a99f802
children
line wrap: on
line source

local secure_interfaces = module:get_option_set("secure_interfaces", { "127.0.0.1", "::1" });

module:hook("stream-features", function (event)
	local session = event.origin;
	if session.type ~= "c2s_unauthed" then return; end
	local socket = session.conn:socket();
	if not socket.getsockname then
		module:log("debug", "Unable to determine local address of incoming connection");
		return;
	end
	local localip = socket:getsockname();
	if secure_interfaces:contains(localip) then
		module:log("debug", "Marking session from %s to %s as secure", session.ip or "[?]", localip);
		session.secure = true;
		session.conn.starttls = false;
	else
		module:log("debug", "Not marking session from %s to %s as secure", session.ip or "[?]", localip);
	end
end, 2500);