This should bring some fixes and general robustness that mod_websocket had
missed out on. The duplicated code here is not at all ideal. To prevent this
happening again, we should figure out how to have the common logic in a single
place, while still being able to do the websocket-specific parts that we need.
The main known bug that this fixes is that it's possible for a session to get
into a non-destroyable state. For example, if we try to session:close() a
hibernating session, then session.conn is nil and the function will simply
return without doing anything. In the mod_c2s code we already handle this, and
just destroy the session. But if a hibernating websocket session is never
resumed or becomes non-resumable, it will become immortal!
By merging the fix from mod_c2s, the session should now be correctly
destroyed.
Many of these fall into a few categories:
- util.cache size, must be >= 1
- byte or item counts that logically can't be negative
- port numbers that should be in 1..0xffff
This event was added in a7c183bb4e64 and is required to make mod_smacks know
that a session was intentionally closed and shouldn't be hibernated (see
fcea4d9e7502).
Because this was missing from mod_websocket's session.close(), mod_smacks
would always attempt to hibernate websocket sessions even if they closed
cleanly.
That mod_websocket has its own copy of session.close() is something to fix
another day (probably not in the stable branch). So for now this commit makes
the minimal change to get things working again.
Thanks to Damian and the Jitsi team for reporting.
The same-origin policy enforced by browsers is a security measure that should
only be turned off when it is safe to do so. It is safe to do so in Prosody's
default modules, but people may load third-party modules that are unsafe.
Therefore we have flipped the default, so that modules must explicitly opt in
to having CORS headers added on their requests.
Global modules aren't quite considered loaded onto hosts, which
causes confusion in some cases. They are also reported in the log as
being served on http://*:5280/foo which is also a bit confusing, and
can't be clicked.
Global modules also have to have their paths configured in the global
section, which could be confusing and unexpected.
This global+shared method should be the best of both worlds.
Previously any error, or even a normal websocket close frame, would return early,
leaving potentially entire frames in the buffer unprocessed and then discarded.
This change stops processing new data, but returns an existing processed data up
to the point of the error/close.
c2s/bosh/ws streams will default to 256KB, s2s and components to 512KB.
These values are aligned with ejabberd's default settings, which should reduce
issues related to inconsistent size limits between servers on the XMPP network.
The previous default (10MB) is excessive for any production server, and allows
significant memory usage by even unauthenticated sessions.
Checking for `stanza.attr.xmlns == nil` to determine if the stanza
object is an actual stanza (`<message>`, `<presence>` or `<iq>` in the
`jabber:client` or `jabbber:server` namespace) or some other stream
element.
Since this mutation is not reverted, it may leak to other places and
cause them to mistreat stanzas as stream elements. Especially in cases
like MUC where a single stanza is broadcast to many recipients.
