annotate mod_flash_policy/mod_flash_policy.lua @ 5472:b80b6947b079

mod_http_oauth2: Always show early errors to user Before having validated the client_id, communicating an error back to the client via redirect would make this an open redirect, so we may just as well skip past that logic, and especially the warning log message.
author Kim Alvefur <zash@zash.se>
date Thu, 18 May 2023 13:43:17 +0200
parents 7dbde05b48a9
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
394
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
1 local filters = require "util.filters";
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
2 local config = {}
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
3 config.file = module:get_option_string("crossdomain_file", "");
395
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
4 config.string = module:get_option_string("crossdomain_string", [[<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"/><allow-access-from domain="*" /></cross-domain-policy>]]);
394
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
5 local string = ''
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
6 if not config.file ~= '' then
395
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
7 local f = assert(io.open(config.file));
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
8 string = f:read("*all");
394
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
9 else
395
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
10 string = config.string
394
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
11 end
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
12
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
13 module:log("debug", "crossdomain string: "..string);
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
14
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
15 module:set_global();
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
16
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
17 function filter_policy(data, session)
395
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
18 -- Since we only want to check the first block of data, remove the filter
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
19 filters.remove_filter(session, "bytes/in", filter_policy);
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
20 if data == "<policy-file-request/>\0" then
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
21 session.send(string.."\0");
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
22 return nil; -- Drop data to prevent it reaching the XMPP parser
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
23 else
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
24 return data; -- Pass data through, it wasn't a policy request
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
25 end
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 395
diff changeset
26
394
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
27 end
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
28
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
29 function filter_session(session)
395
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
30 if session.type == "c2s_unauthed" then
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
31 filters.add_filter(session, "bytes/in", filter_policy, -1);
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
32 end
394
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
33 end
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
34
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
35 function module.load()
395
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
36 filters.add_filter_hook(filter_session);
394
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
37 end
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
38
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
39 function module.unload()
395
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
40 filters.remove_filter_hook(filter_session);
379
eebc19c224fb Moved the file to a directory
leonbogaert
parents:
diff changeset
41 end