Mercurial > prosody-modules
view mod_poke_strangers/README.markdown @ 5404:1087f697c3f3
mod_http_oauth2: Strip unknown extra fields from client registration
We shouldn't sign things we don't understand!
RFC 7591 section-2 states:
> The authorization server MUST ignore any client metadata sent by the
> client that it does not understand (for instance, by silently removing
> unknown metadata from the client's registration record during
> processing).
Prevents grandfathering in of unvalidated data that might become used
later, especially since the 'additionalProperties' schema keyword was
removed in 698fef74ce53
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 02 May 2023 16:23:40 +0200 |
| parents | 06faf7a149e3 |
| children |
line wrap: on
line source
--- labels: - 'Stage-Alpha' summary: 'Query the features and version of JIDs sending messages to contacts they are not subscribed to.' ... Introduction ============ In order to build heuristics for which messages are spam, it is necessary to log as many details as possible about the spammers. This module sends a version and disco query whenever a message is received from a JID to a user it is not subscribed to. The results are printed to Prosody's log file at the 'info' level. Queried full JIDs are not queried again until Prosody restarts. The queries are sent regardless of whether the local user exists, so it does not reveal if an account is active. Compatibility ============= ----- ------- 0.9 Works ----- -------