view mod_http_avatar/README.markdown @ 5404:1087f697c3f3

mod_http_oauth2: Strip unknown extra fields from client registration We shouldn't sign things we don't understand! RFC 7591 section-2 states: > The authorization server MUST ignore any client metadata sent by the > client that it does not understand (for instance, by silently removing > unknown metadata from the client's registration record during > processing). Prevents grandfathering in of unvalidated data that might become used later, especially since the 'additionalProperties' schema keyword was removed in 698fef74ce53
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:23:40 +0200
parents c3b886331de7
children
line wrap: on
line source

---
summary: Serve avatars from HTTP
...

Introduction
============

This module serves avatars from local users who have one set in their
vCard, see XEP-0054 and XEP-0153.

Configuring
===========

Simply load the module.  Avatars are then available at
http://<host>:5280/avatar/<username>

    modules_enabled = {
        ...
        "http_avatar";
    }

Compatibility
=============

  ------- --------------
  trunk   Works
  0.11    Works
  0.10    Should work
  ------- --------------