diff options
author | Paweł Dorofiejczyk <pawel.dorofiejczyk@gmail.com> | 2019-03-15 12:19:14 +0100 |
---|---|---|
committer | Paweł Chmielowski <prefiks@prefiks.org> | 2019-03-15 12:19:14 +0100 |
commit | 6129720838807e0909149061507d08735de8d7b0 (patch) | |
tree | e34de1b15b97a0353f02e4cc072b5330e82f7317 /src/ejabberd_websocket.erl | |
parent | Update mysql dependency (diff) |
Origin header validation on websocket connection (#2821)
Diffstat (limited to 'src/ejabberd_websocket.erl')
-rw-r--r-- | src/ejabberd_websocket.erl | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/ejabberd_websocket.erl b/src/ejabberd_websocket.erl index 506ff142..767c3837 100644 --- a/src/ejabberd_websocket.erl +++ b/src/ejabberd_websocket.erl @@ -66,7 +66,8 @@ check(_Path, Headers) -> RequiredHeaders = [{'Upgrade', <<"websocket">>}, {'Connection', ignore}, {'Host', ignore}, {<<"Sec-Websocket-Key">>, ignore}, - {<<"Sec-Websocket-Version">>, <<"13">>}], + {<<"Sec-Websocket-Version">>, <<"13">>}, + {<<"Origin">>, get_origin()}], F = fun ({Tag, Val}) -> case lists:keyfind(Tag, 1, Headers) of @@ -406,3 +407,6 @@ websocket_close(Socket, WsHandleLoopPid, websocket_close(Socket, WsHandleLoopPid, SocketMode, _CloseCode) -> WsHandleLoopPid ! closed, SocketMode:close(Socket). + +get_origin() -> + ejabberd_config:get_option({websocket_origin, ejabberd_config:get_myname()}, ignore).
\ No newline at end of file |