#1917 Add consider_*_secure for mod_http_file_share

Reporter Vito
Owner Nobody
Stars ★ (1)
Tags
  • Type-Enhancement
  • Status-WontFix
  • Priority-Medium
  1. Vito on

    I'd like to see an option to hide the security warning for mod_http_file_share. https://hg.prosody.im/trunk/file/a91440ddf9a2/plugins/mod_http_file_share.lua#l624 Similar to consider_websocket_secure and consider_bosh_secure.

  2. Zash on

    Thanks for your request. Can you explain why you want this? If you have a reverse proxy handling https, this is better solved by communicating from the proxy to Prosody: https://prosody.im/doc/http#trusted_proxies

    Changes
    • tags Status-NeedInfo
  3. Vito on

    Hi Zash, I want this option for consistency. I experimented with trusted_proxies, but realized that I can't reliably distinguish connections from the reverse proxy and from the other users. The warning is displayed on the /file_share/ path, so I configured reverse proxy like this:

        location = /file_share/ { return 404; }
        location /file_share/ { proxy_pass http://127.0.0.1:5280; }
        location / { return 404; }

  4. Zash on

    Consistency would certainly be good, but I would lean towards deprecating consider_websocket_secure and consider_bosh_secure. consider_websocket_secure and consider_bosh_secure have actual effects on the bosh and websocket connections, while the warning in mod_http_file_share does not; its only purpose is to help you configure your proxy. So I don't think we want to add another setting. I don't see why you couldn't distinguish users from the proxy, but if hiding the base page works then that's fine too.

    Changes
    • tags Status-WontFix
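
The proxy-to-Prosody approach that comment 2 points to, sketched as an added example that is not part of the thread or of the Prosody project's own configuration. It assumes TLS terminates at nginx on the same host as Prosody; the hostname, certificate paths and the loopback values are placeholders.

```nginx
# Constructed example. Assumed Prosody side (prosody.cfg.lua), shown here as comments:
#   trusted_proxies = { "127.0.0.1", "::1" }   -- forwarded headers are honoured only from these addresses
#   http_interfaces = { "127.0.0.1", "::1" }   -- plain-HTTP port 5280 reachable only through the proxy
server {
    listen 443 ssl;
    server_name upload.example.com;                       # placeholder hostname
    ssl_certificate     /etc/ssl/example/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/example/privkey.pem;     # placeholder path

    # Base page hidden, as in comment 3.
    location = /file_share/ { return 404; }

    location /file_share/ {
        proxy_pass http://127.0.0.1:5280;
        # Tell Prosody who the real client is and that the outer connection used https.
        # Setting these explicitly overwrites any value the client sent itself.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location / { return 404; }
}
```

With Prosody's HTTP listener bound to loopback, the only peer that can reach port 5280 is the proxy, so the addresses listed in trusted_proxies cannot be other users.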
