view mod_strict_https/mod_strict_https.lua @ 3943:f5e6368a1c39

mod_cloud_notify: Cleanup code and drop support for prosody 0.9 This removes some legacy stuff that was needed for prosody 0.9 We now use util.stanza:find instead of our own patched version to be more mainstream The unneeded module unloading code was removed, too
author tmolitor <thilo@eightysoft.de>
date Wed, 11 Mar 2020 20:00:50 +0100
parents efa9c1676d1f
children b3158647cb36
line wrap: on
line source

-- HTTP Strict Transport Security
-- https://tools.ietf.org/html/rfc6797

module:set_global();

local http_server = require "net.http.server";

local hsts_header = module:get_option_string("hsts_header", "max-age=31556952"); -- This means "Don't even try to access without HTTPS for a year"

local _old_send_response;
local _old_fire_event;

local modules = {};

function module.load()
	_old_send_response = http_server.send_response;
	function http_server.send_response(response, body)
		response.headers.strict_transport_security = hsts_header;
		return _old_send_response(response, body);
	end

	_old_fire_event = http_server._events.fire_event;
	function http_server._events.fire_event(event, payload)
		local request = payload.request;
		local host = event:match("^[A-Z]+ ([^/]+)");
		local module = modules[host];
		if module and not request.secure then
			payload.response.headers.location = module:http_url(request.path);
			return 301;
		end
		return _old_fire_event(event, payload);
	end
end
function module.unload()
	http_server.send_response = _old_send_response;
	http_server._events.fire_event = _old_fire_event;
end
function module.add_host(module)
	local http_host = module:get_option_string("http_host", module.host);
	modules[http_host] = module;
	function module.unload()
		modules[http_host] = nil;
	end
end