Origin header validation on websocket connection (#2821)

author: Paweł Dorofiejczyk <pawel.dorofiejczyk@gmail.com> 2019-03-15 12:19:14 +0100
committer: Paweł Chmielowski <prefiks@prefiks.org> 2019-03-15 12:19:14 +0100
commit: 6129720838807e0909149061507d08735de8d7b0 (patch)
tree: e34de1b15b97a0353f02e4cc072b5330e82f7317 /src/ejabberd_websocket.erl
parent: Update mysql dependency (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/src/ejabberd_websocket.erl b/src/ejabberd_websocket.erl
index 506ff142..767c3837 100644
--- a/src/ejabberd_websocket.erl
+++ b/src/ejabberd_websocket.erl
@@ -66,7 +66,8 @@ check(_Path, Headers) ->
     RequiredHeaders = [{'Upgrade', <<"websocket">>},
                        {'Connection', ignore}, {'Host', ignore},
                        {<<"Sec-Websocket-Key">>, ignore},
-                       {<<"Sec-Websocket-Version">>, <<"13">>}],
+                       {<<"Sec-Websocket-Version">>, <<"13">>},
+                       {<<"Origin">>, get_origin()}],
 
     F = fun ({Tag, Val}) ->
 		case lists:keyfind(Tag, 1, Headers) of
@@ -406,3 +407,6 @@ websocket_close(Socket, WsHandleLoopPid,
 websocket_close(Socket, WsHandleLoopPid, SocketMode, _CloseCode) ->
     WsHandleLoopPid ! closed,
     SocketMode:close(Socket).
+
+get_origin() ->
+    ejabberd_config:get_option({websocket_origin, ejabberd_config:get_myname()}, ignore).
+\ No newline at end of file
author	Paweł Dorofiejczyk <pawel.dorofiejczyk@gmail.com>	2019-03-15 12:19:14 +0100
committer	Paweł Chmielowski <prefiks@prefiks.org>	2019-03-15 12:19:14 +0100
commit	6129720838807e0909149061507d08735de8d7b0 (patch)
tree	e34de1b15b97a0353f02e4cc072b5330e82f7317 /src/ejabberd_websocket.erl
parent	Update mysql dependency (diff)