prosody-modules: mod_strict_https/README.markdown annotate

annotate mod_strict_https/README.markdown @ 5461:06640647d193

mod_http_oauth2: Fix use of arbitrary ports in loopback redirect URIs Per draft-ietf-oauth-v2-1-08#section-8.4.2 > The authorization server MUST allow any port to be specified at the > time of the request for loopback IP redirect URIs, to accommodate > clients that obtain an available ephemeral port from the operating > system at the time of the request. Uncertain if it should normalize the host part, but it also seems harmless to treat IPv6 and IPv4 the same here. One thing is that "localhost" is NOT RECOMMENDED because it can sometimes be pointed to non-loopback interfaces via DNS or hosts file.

author	Kim Alvefur <zash@zash.se>
date	Wed, 17 May 2023 13:51:30 +0200
parents	f8797e3284ff
children

rev	line source
1803 4d73a1a6ba68 Convert all wiki pages to Markdown Kim Alvefur <zash@zash.se> parents: 1782 diff changeset	1 ---
4d73a1a6ba68 Convert all wiki pages to Markdown Kim Alvefur <zash@zash.se> parents: 1782 diff changeset	2 summary: HTTP Strict Transport Security
5414 0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	3 ---
1782 29f3d6b7ad16 Import wiki pages Kim Alvefur <zash@zash.se> parents: diff changeset	4
5414 0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	5 # Introduction
1782 29f3d6b7ad16 Import wiki pages Kim Alvefur <zash@zash.se> parents: diff changeset	6
5414 0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	7 This module implements [RFC 6797: HTTP Strict Transport Security] and
0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	8 responds to all non-HTTPS requests with a `301 Moved Permanently`
0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	9 redirect to the HTTPS equivalent of the path.
1782 29f3d6b7ad16 Import wiki pages Kim Alvefur <zash@zash.se> parents: diff changeset	10
5414 0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	11 # Configuration
1782 29f3d6b7ad16 Import wiki pages Kim Alvefur <zash@zash.se> parents: diff changeset	12
1803 4d73a1a6ba68 Convert all wiki pages to Markdown Kim Alvefur <zash@zash.se> parents: 1782 diff changeset	13 Add the module to the `modules_enabled` list and optionally configure
4d73a1a6ba68 Convert all wiki pages to Markdown Kim Alvefur <zash@zash.se> parents: 1782 diff changeset	14 the specific header sent.
1782 29f3d6b7ad16 Import wiki pages Kim Alvefur <zash@zash.se> parents: diff changeset	15
5414 0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	16 ``` lua
0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	17 modules_enabled = {
0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	18 ...
0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	19 "strict_https";
0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	20 }
0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	21 hsts_header = "max-age=31556952"
0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	22 ```
1782 29f3d6b7ad16 Import wiki pages Kim Alvefur <zash@zash.se> parents: diff changeset	23
5415 f8797e3284ff mod_strict_https: Add way to disable redirect Kim Alvefur <zash@zash.se> parents: 5414 diff changeset	24 If the redirect from `http://` to `https://` causes trouble with
f8797e3284ff mod_strict_https: Add way to disable redirect Kim Alvefur <zash@zash.se> parents: 5414 diff changeset	25 internal use of HTTP APIs it can be disabled:
f8797e3284ff mod_strict_https: Add way to disable redirect Kim Alvefur <zash@zash.se> parents: 5414 diff changeset	26
f8797e3284ff mod_strict_https: Add way to disable redirect Kim Alvefur <zash@zash.se> parents: 5414 diff changeset	27 ``` lua
f8797e3284ff mod_strict_https: Add way to disable redirect Kim Alvefur <zash@zash.se> parents: 5414 diff changeset	28 hsts_redirect = false
f8797e3284ff mod_strict_https: Add way to disable redirect Kim Alvefur <zash@zash.se> parents: 5414 diff changeset	29 ```
f8797e3284ff mod_strict_https: Add way to disable redirect Kim Alvefur <zash@zash.se> parents: 5414 diff changeset	30
5414 0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	31 # Compatibility
1803 4d73a1a6ba68 Convert all wiki pages to Markdown Kim Alvefur <zash@zash.se> parents: 1782 diff changeset	32
5414 0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	33 ------- -------------
0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	34 trunk Should work
0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	35 0.12 Should work
0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	36 0.11 Should work
0c8e6269ea38 mod_strict_https: Refresh README Kim Alvefur <zash@zash.se> parents: 1803 diff changeset	37 ------- -------------

Mercurial > prosody-modules

annotate mod_strict_https/README.markdown @ 5461:06640647d193