#1172 mod_bosh and mod_websocket: Don't report "It works" on insecure GET
Reporter
MattJ
Owner
Nobody
Created
Updated
Stars
★ (1)
Tags
Status-Fixed
Type-Enhancement
Usability
Priority-Medium
Difficulty-Easy
Milestone-0.12
MattJ
on
The default "it works" page that mod_bosh and mod_websocket serve for a GET request could be improved with some more detail.
In particular, if the request is received over HTTP (and not HTTPS) it should give a warning if consider_X_secure is not set.
Also we could consider reporting some useful info about what we think the client's IP address is (i.e. to ensure trusted_proxies is set correctly).
The default "it works" page that mod_bosh and mod_websocket serve for a GET request could be improved with some more detail. In particular, if the request is received over HTTP (and not HTTPS) it should give a warning if consider_X_secure is not set. Also we could consider reporting some useful info about what we think the client's IP address is (i.e. to ensure trusted_proxies is set correctly).
Do want.
ChangesFixed in these: https://hg.prosody.im/trunk/rev/a76493b75dec https://hg.prosody.im/trunk/rev/e6122e6a40a0
Changes