#1172 mod_bosh and mod_websocket: Don't report "It works" on insecure GET

Reporter MattJ
Owner Nobody
Created
Updated
Stars ★ (1)
Tags
  • Type-Enhancement
  • Status-Accepted
  • Priority-Medium
  1. MattJ on

    The default "it works" page that mod_bosh and mod_websocket serve for a GET request could be improved with some more detail. In particular, if the request is received over HTTP (and not HTTPS) it should give a warning if consider_X_secure is not set. Also we could consider reporting some useful info about what we think the client's IP address is (i.e. to ensure trusted_proxies is set correctly).

New comment

Not published. Used for spam prevention and optional update notifications.