#1172 mod_bosh and mod_websocket: Don't report "It works" on insecure GET

Reporter MattJ
Owner Nobody
Created
Updated
Stars ★ (1)
Tags
  • Milestone-0.12
  • Difficulty-Easy
  • Status-Fixed
  • Usability
  • Priority-Medium
  • Type-Enhancement
  1. MattJ on

    The default "it works" page that mod_bosh and mod_websocket serve for a GET request could be improved with some more detail. In particular, if the request is received over HTTP (and not HTTPS) it should give a warning if consider_X_secure is not set. Also we could consider reporting some useful info about what we think the client's IP address is (i.e. to ensure trusted_proxies is set correctly).

  2. Zash on

    Do want.

    Changes
    • tags Difficulty-Easy
  3. Zash on

    Fixed in these: https://hg.prosody.im/trunk/rev/a76493b75dec https://hg.prosody.im/trunk/rev/e6122e6a40a0

    Changes
    • tags Milestone-0.12 Usability Status-Fixed

New comment

Not published. Used for spam prevention and optional update notifications.