view mod_http_debug/README.md @ 5682:527c747711f3

mod_http_oauth2: Limit revocation to clients own tokens in strict mode

RFC 7009 section 2.1 states:

> The authorization server first validates the client credentials (in
> case of a confidential client) and then verifies whether the token was
> issued to the client making the revocation request. If this
> validation fails, the request is refused and the client is informed of
> the error by the authorization server as described below.

The first part was already covered (in strict mode). This adds the later
part using the hash of client_id recorded in 0860497152af

It still seems weird to me that revoking a leaked token should not be
allowed whoever might have discovered it, as that seems the responsible
thing to do.

author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parents 91564b57e595

---
summary: HTTP module returning info about requests for debugging
---

This module returns some info about HTTP requests as Prosody sees them
from an endpoint like `https://xmpp.example.net:5281/debug`.  This can be
used to validate [reverse-proxy configuration][doc:http] and similar use
cases.

# Example

```
$ curl -sSf  https://xmpp.example.net:5281/debug | json_pp
{
   "body" : "",
   "headers" : {
      "accept" : "*/*",
      "host" : "xmpp.example.net:5281",
      "user_agent" : "curl/7.74.0"
   },
   "httpversion" : "1.1",
   "id" : "jmFROQKoduU3",
   "ip" : "127.0.0.1",
   "method" : "GET",
   "path" : "/debug",
   "secure" : true,
   "url" : {
      "path" : "/debug"
   }
}
```
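
One way to turn the response above into an automated reverse-proxy check, as an added example that is not part of the module or its README. The function name, the proxy address list and the sample responses are assumptions constructed for illustration; only the field names come from the output above.

```python
import ipaddress
import json

def check_debug_response(raw, expected_host, proxy_addrs):
    """Return (field, problem) pairs for one /debug response body (JSON text)."""
    info = json.loads(raw)
    findings = []
    # If "ip" is the proxy's own address, Prosody is treating the proxy as the
    # client, so anything keyed on the client address sees only the proxy.
    proxies = {ipaddress.ip_address(a) for a in proxy_addrs}
    if ipaddress.ip_address(info["ip"]) in proxies:
        findings.append(("ip", "request attributed to the proxy, not the client"))
    # This check assumes clients reach the proxy over HTTPS.
    if info.get("secure") is not True:
        findings.append(("secure", "Prosody sees the request as plain HTTP"))
    # The Host header should survive the proxy hop unchanged.
    host = info.get("headers", {}).get("host", "")
    if host.lower() != expected_host.lower():
        findings.append(("host", "got %r, expected %r" % (host, expected_host)))
    return findings

# Constructed sample responses, trimmed to the fields being checked.
MISCONFIGURED = json.dumps({
    "headers": {"host": "localhost:5280"},
    "ip": "127.0.0.1", "path": "/debug", "secure": False,
})
CORRECT = json.dumps({
    "headers": {"host": "xmpp.example.net"},
    "ip": "203.0.113.7", "path": "/debug", "secure": True,
})

if __name__ == "__main__":
    for name, raw in (("misconfigured", MISCONFIGURED), ("correct", CORRECT)):
        problems = check_debug_response(raw, "xmpp.example.net", ["127.0.0.1", "::1"])
        print(name, problems or "ok")
```

Run it against a request sent through the proxy from an external host; a request made on the Prosody machine itself, like the `curl` call above, legitimately reports `127.0.0.1`.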

# Configuration

The HTTP methods handled can be configured via the `http_debug_methods`
setting. By default, the most common methods are already enabled.

```lua
http_debug_methods = { "GET"; "HEAD"; "DELETE"; "OPTIONS"; "PATCH"; "POST"; "PUT" };
```