Mercurial > prosody-modules
changeset 5415:f8797e3284ff
mod_strict_https: Add way to disable redirect
Since Prosody 0.12+ does not listen on unencrypted http anymore, this is
likely to cause trouble. Especially since the URL construction is
problematic and awkward.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 03 May 2023 10:55:22 +0200 |
| parents | 0c8e6269ea38 |
| children | 2393dbae51ed |
| files | mod_strict_https/README.markdown mod_strict_https/mod_strict_https.lua |
| diffstat | 2 files changed, 9 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_strict_https/README.markdown Wed May 03 10:54:15 2023 +0200 +++ b/mod_strict_https/README.markdown Wed May 03 10:55:22 2023 +0200 @@ -21,6 +21,13 @@ hsts_header = "max-age=31556952" ``` +If the redirect from `http://` to `https://` causes trouble with +internal use of HTTP APIs it can be disabled: + +``` lua +hsts_redirect = false +``` + # Compatibility ------- -------------
--- a/mod_strict_https/mod_strict_https.lua Wed May 03 10:54:15 2023 +0200 +++ b/mod_strict_https/mod_strict_https.lua Wed May 03 10:55:22 2023 +0200 @@ -6,13 +6,14 @@ local http_server = require "net.http.server"; local hsts_header = module:get_option_string("hsts_header", "max-age=31556952"); -- This means "Don't even try to access without HTTPS for a year" +local redirect = module:get_option_boolean("hsts_redirect", true); module:wrap_object_event(http_server._events, false, function(handlers, event_name, event_data) local request, response = event_data.request, event_data.response; if request and response then if request.secure then response.headers.strict_transport_security = hsts_header; - else + elseif redirect then -- This won't get the port number right response.headers.location = "https://" .. request.host .. request.path .. (request.query and "?" .. request.query or ""); return 301;