author | Evgeny Khramtsov <xramtsov@gmail.com> | 2019-04-24 18:21:58 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-04-24 18:21:58 +0300 |
commit | 5819733de6cb36d8cb72f90bbfa177585f6af6cd (patch) | |
tree | d3bf8d0aa7f10bd61023555970127036c97db648 | |
parent | Catch potential exceptions in gen_mod:wait_for_process (diff) | |
parent | Fix RFC6454 violation on websocket connection when validating Origin header (diff) |
Merge pull request #2868 from rstgroup/fix-rfc-6455-violation
Fix #2821 RFC6454 violation on websocket connection when validating Origin
-rw-r--r-- | src/ejabberd_websocket.erl | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/src/ejabberd_websocket.erl b/src/ejabberd_websocket.erl
index 7a05cd0f8..edc602f55 100644
--- a/src/ejabberd_websocket.erl
+++ b/src/ejabberd_websocket.erl
@@ -63,15 +63,15 @@
 -define(HEADER, [?CT_XML, ?AC_ALLOW_ORIGIN, ?AC_ALLOW_HEADERS]).
 check(_Path, Headers) ->
- RequiredHeaders = [{'Upgrade', <<"websocket">>},
- {'Connection', ignore}, {'Host', ignore},
- {<<"Sec-Websocket-Key">>, ignore},
- {<<"Sec-Websocket-Version">>, <<"13">>},
- {<<"Origin">>, get_origin()}],
+ HeadersValidators = [{'Upgrade', <<"websocket">>, true},
+ {'Connection', ignore, true}, {'Host', ignore, true},
+ {<<"Sec-Websocket-Key">>, ignore, true},
+ {<<"Sec-Websocket-Version">>, <<"13">>, true},
+ {<<"Origin">>, get_origin(), false}],
- F = fun ({Tag, Val}) ->
+ F = fun ({Tag, Val, Required}) ->
 case lists:keyfind(Tag, 1, Headers) of
- false -> true; % header not found, keep in list
+ false -> Required; % header not found, keep in list if required
 {_, HVal} ->
 case Val of
 ignore -> false; % ignore value -> ok, remove from list
@@ -82,9 +82,9 @@ check(_Path, Headers) ->
 end
 end
 end,
- case lists:filter(F, RequiredHeaders) of
+ case lists:filter(F, HeadersValidators) of
 [] -> true;
- _MissingHeaders -> false
+ _InvalidHeaders -> false
 end.
 socket_handoff(LocalPath, #request{method = 'GET', ip = IP, q = Q, path = Path, |
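Review bot: The `{<<"Origin">>, get_origin(), false}` entry in the first hunk makes the Origin check fail open, because `false -> Required` now accepts any request whose `Headers` list has no `<<"Origin">>` key, whatever `get_origin()` returns. That suits clients that never send Origin, but it depends on `lists:keyfind(Tag, 1, Headers)` matching the header name exactly. If header names are not normalized before `check/2` is called (not visible in this hunk), an Origin header spelled with different case would be treated as absent instead of being compared. I would record the intent beside the list, e.g. `%% Origin is optional (non-browser clients omit it); when present it must equal get_origin()`, and confirm the normalization in the caller. The value-comparison branch of `F` lies between the two hunks and is not shown here.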