authorPaweł Dorofiejczyk <pawel.dorofiejczyk@gmail.com>2019-03-15 12:19:14 +0100
committerPaweł Chmielowski <prefiks@prefiks.org>2019-03-15 12:19:14 +0100
commit6129720838807e0909149061507d08735de8d7b0 (patch)
treee34de1b15b97a0353f02e4cc072b5330e82f7317 /src
parentUpdate mysql dependency (diff)
Origin header validation on websocket connection (#2821)
Diffstat (limited to 'src')
-rw-r--r--src/ejabberd_http_ws.erl4
-rw-r--r--src/ejabberd_websocket.erl6
2 files changed, 8 insertions, 2 deletions
diff --git a/src/ejabberd_http_ws.erl b/src/ejabberd_http_ws.erl
index 4b54e67ec..675c7114e 100644
--- a/src/ejabberd_http_ws.erl
+++ b/src/ejabberd_http_ws.erl
@@ -371,5 +371,7 @@ opt_type(websocket_ping_interval) ->
fun (I) when is_integer(I), I >= 0 -> I end;
opt_type(websocket_timeout) ->
fun (I) when is_integer(I), I > 0 -> I end;
+opt_type(websocket_origin) ->
+ fun (O) -> O end;
opt_type(_) ->
- [websocket_ping_interval, websocket_timeout].
+ [websocket_ping_interval, websocket_timeout, websocket_origin].
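Review bot: The validator added for `websocket_origin`, `fun (O) -> O end`, accepts any term, unlike the two guarded validators above it. A malformed value (a list, an integer, a differently-cased host) would load without error and only surface later as handshakes that never match. Since this option gates a security check, constrain it at load time, e.g. `fun (O) when is_binary(O) -> O end;`. Normalise case here as well if the comparison in `ejabberd_websocket:check/2` (its body is not visible in this diff) lowercases the header value. `opt_type/1` starts outside the hunk.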
diff --git a/src/ejabberd_websocket.erl b/src/ejabberd_websocket.erl
index 506ff142b..767c3837b 100644
--- a/src/ejabberd_websocket.erl
+++ b/src/ejabberd_websocket.erl
@@ -66,7 +66,8 @@ check(_Path, Headers) ->
RequiredHeaders = [{'Upgrade', <<"websocket">>},
{'Connection', ignore}, {'Host', ignore},
{<<"Sec-Websocket-Key">>, ignore},
- {<<"Sec-Websocket-Version">>, <<"13">>}],
+ {<<"Sec-Websocket-Version">>, <<"13">>},
+ {<<"Origin">>, get_origin()}],
F = fun ({Tag, Val}) ->
case lists:keyfind(Tag, 1, Headers) of
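Review bot: Adding `{<<"Origin">>, get_origin()}` to `RequiredHeaders` appears to make the Origin header mandatory even when `websocket_origin` is not configured. The default is `ignore`, the same marker used for 'Connection' and 'Host', which by the list's name are presumably required to be present. Clients that send no Origin header would then start failing the handshake; the body of `F` continues outside the hunk, so please confirm how a missing header is treated. If it is rejected, add the entry only when an origin is configured, e.g. `OriginReq = case get_origin() of ignore -> []; O -> [{<<"Origin">>, O}] end`, and append `OriginReq` to the list. A comment should also state that this check protects browser sessions from cross-site WebSocket connections and is not client authentication, since a non-browser client chooses its own Origin.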
@@ -406,3 +407,6 @@ websocket_close(Socket, WsHandleLoopPid,
websocket_close(Socket, WsHandleLoopPid, SocketMode, _CloseCode) ->
WsHandleLoopPid ! closed,
SocketMode:close(Socket).
+
+get_origin() ->
+ ejabberd_config:get_option({websocket_origin, ejabberd_config:get_myname()}, ignore).
\ No newline at end of file
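Review bot: `get_origin/0` looks the option up only under `ejabberd_config:get_myname()`, so a `websocket_origin` set for another virtual host would apparently not be consulted. It also returns a single value, so only one allowed origin can be expressed. If that is intended, say so in a comment above the function, for example `%% Expected Origin for WebSocket handshakes (default host only); 'ignore' disables the value check.`, and add a `-spec`. The option is also read on every call to `check/2`, and the file now ends without a trailing newline.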