#1172 mod_bosh and mod_websocket: Don't report "It works" on insecure GET
Reporter
MattJ
Owner
Nobody
Created
Updated
Stars
★ (1)
Tags
Type-Enhancement
Status-Accepted
Priority-Medium
MattJ
on
The default "it works" page that mod_bosh and mod_websocket serve for a GET request could be improved with some more detail.
In particular, if the request is received over HTTP (and not HTTPS) it should give a warning if consider_X_secure is not set.
Also we could consider reporting some useful info about what we think the client's IP address is (i.e. to ensure trusted_proxies is set correctly).
The default "it works" page that mod_bosh and mod_websocket serve for a GET request could be improved with some more detail. In particular, if the request is received over HTTP (and not HTTPS) it should give a warning if consider_X_secure is not set. Also we could consider reporting some useful info about what we think the client's IP address is (i.e. to ensure trusted_proxies is set correctly).