From 31e0667a4a53a238d0321194b57b083bd74c0a5b Mon Sep 17 00:00:00 2001
From: Jeija <norrepli@gmail.com>
Date: Thu, 18 Feb 2016 11:38:47 +0100
Subject: Add Lua interface to HTTPFetchRequest

This allows mods to perform both asynchronous and synchronous HTTP
requests. Mods are only granted access to HTTP APIs if either mod
security is disabled or if they are whitelisted in any of the
the secure.http_mods and secure.trusted_mods settings.

Adds httpfetch_caller_alloc_secure to generate random, non-predictable
caller IDs so that lua mods cannot spy on each others HTTP queries.
---
 builtin/settingtypes.txt | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'builtin/settingtypes.txt')

diff --git a/builtin/settingtypes.txt b/builtin/settingtypes.txt
index c21a0325f..9e1997cc6 100644
--- a/builtin/settingtypes.txt
+++ b/builtin/settingtypes.txt
@@ -1100,6 +1100,10 @@ secure.enable_security (Enable mod security) bool false
 #    functions even when mod security is on (via request_insecure_environment()).
 secure.trusted_mods (Trusted mods) string
 
+#	Comma-seperated list of mods that are allowed to access HTTP APIs, which
+#	allow them to upload and download data to/from the internet.
+secure.http_mods (HTTP Mods) string
+
 [Client and Server]
 
 #    Name of the player.
-- 
cgit v1.2.3