mirror of https://github.com/processone/ejabberd.git synced 2024-12-26 17:38:45 +01:00

Origin header validation on websocket connection (#2821)

Paweł Dorofiejczyk 2019-03-15 12:19:14 +01:00 committed by Paweł Chmielowski
parent 291c05715b
commit 6129720838
2 changed files with 8 additions and 2 deletions


@ -371,5 +371,7 @@ opt_type(websocket_ping_interval) ->
fun (I) when is_integer(I), I >= 0 -> I end;
opt_type(websocket_timeout) ->
fun (I) when is_integer(I), I > 0 -> I end;
opt_type(websocket_origin) ->
fun (O) -> O end;
opt_type(_) ->
[websocket_ping_interval, websocket_timeout].
[websocket_ping_interval, websocket_timeout, websocket_origin].
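Review bot: The validator added for `websocket_origin`, `fun (O) -> O end`, accepts any term, unlike the integer-guarded validators for the two options above it. The other file in this commit places the value in a list next to binary header values such as `<<"13">>`, so a non-binary setting would presumably never match, and every handshake would be refused without any configuration error. A guard would surface the mistake when the config is loaded: `fun (O) when is_binary(O) -> O end`. The opt_type/1 clauses begin outside the hunk.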


@ -66,7 +66,8 @@ check(_Path, Headers) ->
RequiredHeaders = [{'Upgrade', <<"websocket">>},
{'Connection', ignore}, {'Host', ignore},
{<<"Sec-Websocket-Key">>, ignore},
{<<"Sec-Websocket-Version">>, <<"13">>}],
{<<"Sec-Websocket-Version">>, <<"13">>},
{<<"Origin">>, get_origin()}],
F = fun ({Tag, Val}) ->
case lists:keyfind(Tag, 1, Headers) of
@ -406,3 +407,6 @@ websocket_close(Socket, WsHandleLoopPid,
websocket_close(Socket, WsHandleLoopPid, SocketMode, _CloseCode) ->
WsHandleLoopPid ! closed,
SocketMode:close(Socket).
get_origin() ->
ejabberd_config:get_option({websocket_origin, ejabberd_config:get_myname()}, ignore).
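Review bot: In the first hunk, `{<<"Origin">>, get_origin()}` is added to `RequiredHeaders` unconditionally, so it is present even when the option is unset and `get_origin()` returns `ignore`. The body of `F` continues outside the hunk, but if an absent header fails the check, as the list name suggests, clients that send no Origin header (typically non-browser clients) would be refused although no restriction is configured. Building the entry only when a value is set avoids that: `OriginHdr = case get_origin() of ignore -> []; O -> [{<<"Origin">>, O}] end` and append `OriginHdr` to the list. It is also worth checking whether `F` normalises case before comparing, since the configured origin is matched as a single exact value. `get_origin/0` would benefit from a comment such as `%% Configured websocket_origin for the local host, or 'ignore' when unset.`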