From 6129720838807e0909149061507d08735de8d7b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Dorofiejczyk?=
Date: Fri, 15 Mar 2019 12:19:14 +0100
Subject: [PATCH] Origin header validation on websocket connection (#2821)

---
 src/ejabberd_http_ws.erl | 4 +++-
 src/ejabberd_websocket.erl | 6 +++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/ejabberd_http_ws.erl b/src/ejabberd_http_ws.erl
index 4b54e67ec..675c7114e 100644
--- a/src/ejabberd_http_ws.erl
+++ b/src/ejabberd_http_ws.erl
@@ -371,5 +371,7 @@ opt_type(websocket_ping_interval) ->
 fun (I) when is_integer(I), I >= 0 -> I end;
 opt_type(websocket_timeout) ->
 fun (I) when is_integer(I), I > 0 -> I end;
+opt_type(websocket_origin) ->
+ fun (O) -> O end;
 opt_type(_) ->
- [websocket_ping_interval, websocket_timeout].
+ [websocket_ping_interval, websocket_timeout, websocket_origin].
diff --git a/src/ejabberd_websocket.erl b/src/ejabberd_websocket.erl
index 506ff142b..767c3837b 100644
--- a/src/ejabberd_websocket.erl
+++ b/src/ejabberd_websocket.erl
@@ -66,7 +66,8 @@ check(_Path, Headers) ->
 RequiredHeaders = [{'Upgrade', <<"websocket">>},
 {'Connection', ignore}, {'Host', ignore},
 {<<"Sec-Websocket-Key">>, ignore},
- {<<"Sec-Websocket-Version">>, <<"13">>}],
+ {<<"Sec-Websocket-Version">>, <<"13">>},
+ {<<"Origin">>, get_origin()}],
 F = fun ({Tag, Val}) ->
 case lists:keyfind(Tag, 1, Headers) of
@@ -406,3 +407,6 @@ websocket_close(Socket, WsHandleLoopPid,
 websocket_close(Socket, WsHandleLoopPid, SocketMode, _CloseCode) ->
 WsHandleLoopPid ! closed,
 SocketMode:close(Socket).
+
+get_origin() ->
+ ejabberd_config:get_option({websocket_origin, ejabberd_config:get_myname()}, ignore).
\ No newline at end of file
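Review bot: The new `opt_type(websocket_origin)` clause accepts any term (`fun (O) -> O end`), while the sibling `websocket_ping_interval` and `websocket_timeout` validators constrain their type, so a mis-typed value (a list of origins, a number) is not caught at configuration load and instead reaches the header comparison in ejabberd_websocket:check/2, where — if that comparison is an exact match against a binary, which this hunk does not show — it would silently reject every handshake. A guard such as `fun (O) when is_binary(O) -> O end` turns that into a startup error and also documents that a single origin value is expected. The enclosing opt_type/1 function begins before this hunk.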
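Review bot: Adding `{<<"Origin">>, get_origin()}` to RequiredHeaders makes the Origin header mandatory for every handshake even in the default configuration where get_origin() returns `ignore`: `ignore` only relaxes the value comparison inside F, whereas a header that `lists:keyfind(Tag, 1, Headers)` does not find takes the miss branch, which — judging from how `{'Host', ignore}` is used as a required header; the branch itself is outside the hunk — presumably returns false. Non-browser XMPP clients commonly omit Origin, so they would be refused after this change although no origin policy was configured. If the check is meant to be opt-in, add the entry only when an origin is configured, e.g. `RequiredHeaders = Base ++ [{<<"Origin">>, O} || O <- [get_origin()], O =/= ignore],` with Base holding the previous five entries; a single exact value also cannot express several allowed origins, which is worth stating in the option's documentation. The body of check/2 continues outside the hunk.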
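Review bot: `get_origin/0` looks the option up for `ejabberd_config:get_myname()` only, so a `websocket_origin` configured for a specific virtual host is never consulted for connections to that host and the default host's value applies to all of them; if the option is intended to be global, say so in its documentation, and if per-host, check/2 would need to derive the host from the request instead. The new function also has no `-spec`; `-spec get_origin() -> binary() | ignore.` states the contract that check/2 depends on. The hunk additionally drops the file's trailing newline (`\ No newline at end of file`).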