Actually the to attribute shouldn't even be included.
Zash
on
It's perfectly ok to include the XML here instead of linking to an external site, in case it ever goes away in the future.
<!-- OUT -->
<iq to="localhost" type="set" id="40924263533590377" xmlns="jabber:client">
<bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/>
</iq>
<!-- IN -->
<iq id="40924263533590377" type="error" xmlns="jabber:client" from="localhost">
<error type="cancel">
<service-unavailable xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>
</error>
</iq>
Sonny Piers
on
My bad, double checked and it is working as expected (without "to" attribute).
I got confused by the fact that the bind request succeed with "local@domain" but not with "domain".
Not sure if it should be considered a bug though.
Zash
on
The bind request isn't technically a stanza, since you can't send stanzas until after resource binding. But it looks like an iq stanza for historical reasons.
Prosody is currently routing it as a normal iq stanza, but does not allow anything else until after resource binding. Internally, if a stanza has to='account bare jid', it removes the attribute to simplify later processing. This is why it's currently working when it actually should not. But then, the client MUST NOT send that.
I'm not opposed to making this stricter, but I would not consider it a priority.
One way to fix that would be https://hg.prosody.im/timber/rev/5d49c365f52c (as part of an experimental/incomplete break out of core routing code into a module).
https://gist.github.com/sonnyp/2c967396dcb73348555cfa2123ca0c7d Prosody replies with a service-unavailable error if the iq bind stanza "to" attribute is missing the local part. However I can't seem to find anywhere in https://xmpp.org/rfcs/rfc6120.html that it is a requirement. In fact it seems the "to" attribute should contain the domain only and using the bare JID might be invalid. 8.1.1.1 XML Stanzas > Common Attributes > to > Client-to-Server Streams https://xmpp.org/rfcs/rfc6120.html#stanzas-attributes-to-c2s > A stanza sent from a client to a server for direct processing by the server [...] MUST NOT possess a 'to' attribute. 9.1.3 Detailed Examples > Resource Binding https://xmpp.org/rfcs/rfc6120.html#examples-c2s-bind I made a small patch but I couldn't find how/where to send it.
Actually the to attribute shouldn't even be included.
It's perfectly ok to include the XML here instead of linking to an external site, in case it ever goes away in the future. <!-- OUT --> <iq to="localhost" type="set" id="40924263533590377" xmlns="jabber:client"> <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/> </iq> <!-- IN --> <iq id="40924263533590377" type="error" xmlns="jabber:client" from="localhost"> <error type="cancel"> <service-unavailable xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/> </error> </iq>
My bad, double checked and it is working as expected (without "to" attribute). I got confused by the fact that the bind request succeed with "local@domain" but not with "domain". Not sure if it should be considered a bug though.
The bind request isn't technically a stanza, since you can't send stanzas until after resource binding. But it looks like an iq stanza for historical reasons. Prosody is currently routing it as a normal iq stanza, but does not allow anything else until after resource binding. Internally, if a stanza has to='account bare jid', it removes the attribute to simplify later processing. This is why it's currently working when it actually should not. But then, the client MUST NOT send that. I'm not opposed to making this stricter, but I would not consider it a priority. One way to fix that would be https://hg.prosody.im/timber/rev/5d49c365f52c (as part of an experimental/incomplete break out of core routing code into a module).