Chat Federation, avoid spoofing:

When sanitizing remote information, we check that URLs and hosts are on
the correct domain or subdomain.
John Livingston
2023-05-31 16:19:45 +02:00
parent 4faf8a3aea
commit 743c4eabd9
4 changed files with 99 additions and 19 deletions
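
An added example, not code from this commit or from the plugin: one way to check that a remote host or URL is on the video's domain or a subdomain of it, in JavaScript. The function names, the `xmppHost` and `wsUrl` field names and the allowed schemes are assumptions; `videodomain.tld` follows the TODO wording in the diff.

```javascript
// Added example, not the plugin's code; all names here are hypothetical.

// Lower-case, drop one trailing dot, and accept only letter-digit-hyphen labels.
// Anything containing '@', '/', ':', whitespace or an empty label returns null.
function normalizeHost (host) {
  if (typeof host !== 'string') return null
  const h = host.toLowerCase().replace(/\.$/, '')
  if (h.length === 0 || h.length > 253) return null
  const label = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/
  return h.split('.').every(l => label.test(l)) ? h : null
}

// True when host is videoDomain itself or a subdomain of it.
// The '.' prefix makes the match fall on a label boundary, so a host that
// merely ends with the same characters (evilvideodomain.tld) does not pass.
function hostMatchesDomain (host, videoDomain) {
  const h = normalizeHost(host)
  const d = normalizeHost(videoDomain)
  if (h === null || d === null) return false
  return h === d || h.endsWith('.' + d)
}

// True when the URL parses, uses an allowed scheme, carries no userinfo,
// and its host is on videoDomain. The host is taken from the parsed URL,
// never from a substring search on the raw string.
function urlMatchesDomain (url, videoDomain, schemes = ['https:', 'wss:']) {
  let u
  try { u = new URL(url) } catch { return false }
  if (!schemes.includes(u.protocol)) return false
  if (u.username !== '' || u.password !== '') return false
  return hostMatchesDomain(u.hostname, videoDomain)
}

// Copy only the remote fields that pass the check (constructed field names).
function sanitizeRemoteChatInfo (info, videoDomain) {
  const out = {}
  if (hostMatchesDomain(info.xmppHost, videoDomain)) {
    out.xmppHost = normalizeHost(info.xmppHost)
  }
  if (urlMatchesDomain(info.wsUrl, videoDomain)) out.wsUrl = info.wsUrl
  return out
}
```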


@ -17,7 +17,6 @@ Check the [documentation](https://johnxlivingston.github.io/peertube-plugin-live
TODO: documentation, and settings names/descriptions changes related to direct XMPP S2S connections.
TODO?: mod_s2s_peertubelivechat: dont allow to connect to remote server that are not Peertube servers?
TODO: when sanitizing remote chat endpoint, check that the domain is the same as the video domain (or is room.videodomain.tld).
TODO: only compatible with Prosody 0.12.x. So it should be documented for people using «system Prosody». And i should fix the ARM AppImage.
TODO: it seems that in some case A->B can be Websocket, and B->A direct S2S. Check if this is fine. And maybe we can optimise some code, by allowing directS2S event if current server dont accept it.
TODO?: always generate self-signed certificates. Could be used for outgoing s2s?
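
Review bot: the "TODO: documentation" entry that stays in this list should state the exact host rule now enforced, because the commit message says "domain or subdomain" while the sanitizing TODO in this hunk named only the video domain itself or room.videodomain.tld. The hunk header (17,7 to 17,6) shows one entry dropped from the list, and if that is the sanitizing TODO, its wording is the only place the narrower rule was written down. Suggest recording whether any subdomain depth is accepted or only the room. prefix, and that the comparison is made on a label boundary. The "TODO?: mod_s2s_peertubelivechat" entry about connecting to remote servers that are not Peertube servers is a separate control and is still open here.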