view mod_ogp/README.markdown @ 5796:93d6e9026c1b

mod_http_oauth2: Do not enforce PKCE on Device and OOB flows PKCE does not appear to be used with the Device flow. I have found no mention of any interaction between those standards. Since no data is delivered via redirects in these cases, PKCE may not serve any purpose. This is mostly a problem because we reuse the authorization code to implement the Device and OOB flows.
author Kim Alvefur <zash@zash.se>
date Fri, 15 Dec 2023 12:10:07 +0100
parents 09f0911c735d
children
line wrap: on
line source

# mod_ogp

This module adds [Open Graph Protocol](https://ogp.me) metadata to URLs sent inside a MUC.

With mod_ogp enabled, when a user sends a URL in a MUC (where the message has its `id` equal to its `origin-id`), the module calls the URL and parses the result for `<meta>` html tags that have any `og:...` properties.
If it finds any, it sends a [XEP-0422 fastening](https://xmpp.org/extensions/xep-0422.html) applied to the original message that looks like:

```xml
<message id="example" from="chatroom@muc.example.org" to="user@chat.example.org/resource">
<apply-to xmlns="urn:xmpp:fasten:0" id="origin-id-X">
<meta xmlns="http://www.w3.org/1999/xhtml" property="og:title" content="The Rock"/>
<meta xmlns="http://www.w3.org/1999/xhtml" property="og:url" content="https://www.imdb.com/title/tt0117500/"/>
<meta xmlns="http://www.w3.org/1999/xhtml" property="og:image" content="https://ia.media-imdb.com/images/rock.jpg"/>
</apply-to>
</message>
```

The module is intentionally simple in the sense that it is basically a transport for https://ogp.me/

Configuration
-------------

You can present an allowlist or denylist of domains for which OGP metadata will be fetched
via the `ogp_domain_allowlist` and `ogp_domain_denylist` settings repectively.

For example:

```lua
Component "muc.example.org" "muc"
  modules_enabled = { "ogp" }
  ogp_domain_allowlist = { "prosody.im" }
```