%wojtek This may be the very tricky thing to do. List of trusted jids is set by the kernel using injection and further manipulation of those entries is not a good idea. Moreover, it may happen that user wants to have HTTP API and do not want to allow pubsub modifications due to security reasons but may want to have other features. If we do as you suggest it will be an impossible thing to achieve.

I wonder if we could make it easier without making a hole in the security (making HTTP API a trusted jid at PubSub is relaxing our security).

Andrzej, my suggestion was to add this option (by default) to the configuration file generated by web-setup - not to populate the variable or make it active by default (hence inclusion in the http-api/setup section). To make installation more secure one would simply remove this configuration line disabling pubsub http-api. However:

• this could be optional (enable pubsub REST)
• from my observation - if someone wants XMPP with PubSub most of the time they want to interact with it via REST (especially if they enable REST).

%kobit - what do you think?

%wojtek If you want this to be enabled by WebSetup then it is ok with me. There was no mention that you want it in websetup in the original description of the issue.

mea culpa - should have mentioned it more clearly.

Done. I've added it always if http is enabled. It will not cause any issues and if pubsubwas disabled and someone decides, later on, to enable it then trusted will already be there.

Works.