Matthew Wild
f19f1088b7
mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)
...
The same-origin policy enforced by browsers is a security measure that should
only be turned off when it is safe to do so. It is safe to do so in Prosody's
default modules, but people may load third-party modules that are unsafe.
Therefore we have flipped the default, so that modules must explicitly opt in
to having CORS headers added on their requests.
4 years ago
Matthew Wild
4c4e764e23
mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits
...
c2s/bosh/ws streams will default to 256KB, s2s and components to 512KB.
These values are aligned with ejabberd's default settings, which should reduce
issues related to inconsistent size limits between servers on the XMPP network.
The previous default (10MB) is excessive for any production server, and allows
significant memory usage by even unauthenticated sessions.
5 years ago
Matthew Wild
a481251b29
mod_websocket: Refactor frame validity checking, also check partially-received frames against constraints
5 years ago
Matthew Wild
71256641f4
mod_websocket: Continue to process data already in the buffer after an error occurs
...
Previously any error, or even a normal websocket close frame, would return early,
leaving potentially entire frames in the buffer unprocessed and then discarded.
This change stops processing new data, but returns any existing processed data up
to the point of the error/close.
5 years ago
Matthew Wild
364146dbb1
mod_websocket: Enforce stanza size limit and close stream
5 years ago
Matthew Wild
3c0924eee1
mod_websocket: Add separate limit for frame buffer size
5 years ago
Matthew Wild
a4e9e4815c
mod_websocket: handle full frame buffer and raise stream error
5 years ago
Matthew Wild
5a1c206ece
mod_websocket: Switch partial frame buffering to util.dbuffer
...
This improves performance and enforces stanza size limits earlier
in the pipeline.
5 years ago
Matthew Wild
2418c3fe43
mod_websocket: Fire event on session creation (thanks Aaron van Meerten)
6 years ago
Kim Alvefur
eb7a71a645
mod_websocket: Clear mask bit when reflecting ping frames (fixes #1484)
6 years ago
Kim Alvefur
e2f8d0b70f
mod_websocket: Only enable host-agnostic HTTP routing when enabled globally
...
This way the host-agnostic http://*:5280/ handler is not enabled, but
BOSH can still be used with any local VirtualHost
Ref #1712
4 years ago
Kim Alvefur
ef6cb64b9e
mod_c2s,etc: Identify stanza object with appropriate function
...
Better than duck typing, in case anyone ever passes a non-stanza table
with a 'name' field.
4 years ago
Kim Alvefur
e7df432614
mod_bosh,mod_websocket: Make into global-shared modules (...again)
...
Global modules aren't quite considered loaded onto hosts, which
causes confusion in some cases. They are also reported in the log as
being served on http://*:5280/foo which is also a bit confusing, and
can't be clicked.
Global modules also have to have their paths configured in the global
section, which could be confusing and unexpected.
This global+shared method should be the best of both worlds.
5 years ago
Kim Alvefur
49d6a7a91f
mod_websocket: Use mod_http_errors html template #1172
...
Same as the prior commit to mod_bosh
5 years ago
Kim Alvefur
231e87ab05
mod_websocket: Inherit security status from http request
...
Allows requests considered secure because of a proxy header to carry
over to the client session.
mod_bosh does this too.
5 years ago
Matthew Wild
ff9bdefc7e
mod_bosh, mod_websocket: Add config options to override GET responses
6 years ago
Matthew Wild
634408ca29
mod_websocket: Fire event on session creation (thanks Aaron van Meerten)
6 years ago
Kim Alvefur
3204f55be1
mod_websocket: Clone stanza before mutating (fixes #1398)
...
Checking for `stanza.attr.xmlns == nil` to determine if the stanza
object is an actual stanza (`<message>`, `<presence>` or `<iq>` in the
`jabber:client` or `jabber:server` namespace) or some other stream
element.
Since this mutation is not reverted, it may leak to other places and
cause them to mistreat stanzas as stream elements. Especially in cases
like MUC where a single stanza is broadcast to many recipients.
7 years ago
Kim Alvefur
bf5f096225
mod_websocket: Guard against upgrading to websocket from a HEAD request
6 years ago
Kim Alvefur
f8d61d21e5
mod_websocket: Log an error if cross_domain_websocket = true is set in a VirtualHost section
7 years ago
Kim Alvefur
757051d913
mod_websocket: Include the value of cross_domain_websocket in debug message
7 years ago
Kim Alvefur
40b1e3e0ed
plugins: Remove tostring call from logging
...
Taken care of by loggingmanager now
Mass-rewrite using lua pattern like `tostring%b()`
7 years ago
Kim Alvefur
0ddec30924
mod_websocket: Silence the one warning instead of ignoring the entire file
7 years ago
Kim Alvefur
eab76309e8
mod_websocket: Serve HTTP in global context
7 years ago
Matthew Wild
23fad122e6
mod_websocket: Store the request object on the session for use by other modules
8 years ago
Kim Alvefur
bd52588649
mod_websocket: Convert set to string (syslog sink needs a better fix)
9 years ago
Kim Alvefur
221809ea04
mod_websocket: Log state of cross domain set after changing it
9 years ago
Kim Alvefur
2bd1debc3c
mod_websocket: Transfer IP address derived by mod_http
8 years ago
Kim Alvefur
fd19cd42b0
mod_websocket: Make open_stream method behave like the one from util.xmppstream
9 years ago
Kim Alvefur
f6e6bc0bd9
mod_websocket: Include xml:lang attribute on stream <open> (fixes #840)
9 years ago
Kim Alvefur
013b8292ab
mod_websocket: Set connections starttls method to false to prevent mod_tls from offering starttls (fixes #837)
9 years ago
Kim Alvefur
b151bd4d64
mod_websocket: Allow per-host cross_domain_websocket, defaulting to the base URL of the current host
9 years ago
Kim Alvefur
d1eb694c30
mod_websocket: Add the base URL of each host module is enabled on to 'cross_domain_websocket'
9 years ago
Kim Alvefur
bcf02d74c7
mod_websocket: Verify that the client-sent Origin header matches cross_domain_websocket (fixes #652)
9 years ago
Kim Alvefur
1ec77e632e
mod_websocket: Use contains_token from util.http for checking if the requested WebSocket sub-protocols include XMPP
9 years ago
Kim Alvefur
f758fdb4d6
mod_websocket: Add some debug messages
9 years ago
Kim Alvefur
02919f0951
mod_websocket: Set FIN flag on ping frames (fixes #773)
9 years ago
Kim Alvefur
52a8bdb8f5
mod_websocket: Fix read timeout handler (thanks mt)
10 years ago
Kim Alvefur
41522cb84a
mod_websocket: Send a ping on read timeout
10 years ago
Kim Alvefur
a50a9d99a0
mod_websocket: Remove warning about unsolicited pong frames "MAY be sent unsolicited" per RFC 6455 (thanks mt)
10 years ago
Kim Alvefur
4633eb56fb
mod_websocket: Make sure stanza xmlns filter runs late in the chain
10 years ago
Kim Alvefur
bc5cd404ab
mod_websocket: Silence luacheck warnings
10 years ago
Kim Alvefur
1aac758bba
mod_websocket: Import util.timer and session close timeout config option (thanks fairuz)
10 years ago
Kim Alvefur
6481392488
mod_websocket: Import sessionmanager (fixes traceback)
11 years ago
Florian Zeitz
6806a3f7be
mod_websocket: Initial commit (based on the prosody-modules version)
11 years ago
Kim Alvefur
2612e75c8a
mod_bosh, mod_websocket: Remove accidentally included dependency on non-existent module
7 years ago
Kim Alvefur
7fefafa8f6
mod_websocket: Drop CORS code in favor of that in mod_http
...
Like for mod_bosh, deprecates consider_websocket_secure and depends on
mod_http_crossdomain if it is set.
7 years ago