prosody-modules: mod_strict_https/mod_strict

comparison mod_strict_https/mod_strict_https.lua @ 5415:f8797e3284ff

mod_strict_https: Add way to disable redirect Since Prosody 0.12+ does not listen on unencrypted http anymore, this is likely to cause trouble. Especially since the URL construction is problematic and awkward.

author	Kim Alvefur <zash@zash.se>
date	Wed, 03 May 2023 10:55:22 +0200
parents	b3158647cb36
children

comparison

equal deleted inserted replaced

-:0c8e6269ea38
+:f8797e3284ff
 module:set_global();
 local http_server = require "net.http.server";
 local hsts_header = module:get_option_string("hsts_header", "max-age=31556952"); -- This means "Don't even try to access without HTTPS for a year"
+local redirect = module:get_option_boolean("hsts_redirect", true);
 module:wrap_object_event(http_server._events, false, function(handlers, event_name, event_data)
 	local request, response = event_data.request, event_data.response;
 	if request and response then
 		if request.secure then
 			response.headers.strict_transport_security = hsts_header;
-		else
+		elseif redirect then
 			-- This won't get the port number right
 			response.headers.location = "https://" .. request.host .. request.path .. (request.query and "?" .. request.query or "");
 			return 301;
 		end
 	end

Mercurial > prosody-modules

comparison mod_strict_https/mod_strict_https.lua @ 5415:f8797e3284ff