Chapril/xmpp.chapril.org-ejabberd
25
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-11-28 16:34:13 +01:00
Code Releases Activity

Origin header validation on websocket connection (#2821)

Browse Source
This commit is contained in:
Paweł Dorofiejczyk 2019-03-15 12:19:14 +01:00 committed by Paweł Chmielowski
parent 291c05715b
commit 6129720838
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/ejabberd_http_ws.erl
View File

@ -371,5 +371,7 @@ opt_type(websocket_ping_interval) ->
fun (I) when is_integer(I), I >= 0 -> I end; fun (I) when is_integer(I), I >= 0 -> I end;
opt_type(websocket_timeout) -> opt_type(websocket_timeout) ->
fun (I) when is_integer(I), I > 0 -> I end; fun (I) when is_integer(I), I > 0 -> I end;
opt_type(websocket_origin) ->
fun (O) -> O end;
opt_type(_) -> opt_type(_) ->
[websocket_ping_interval, websocket_timeout]. [websocket_ping_interval, websocket_timeout, websocket_origin].

6
src/ejabberd_websocket.erl
View File

@ -66,7 +66,8 @@ check(_Path, Headers) ->
RequiredHeaders = [{'Upgrade', <<"websocket">>}, RequiredHeaders = [{'Upgrade', <<"websocket">>},
{'Connection', ignore}, {'Host', ignore}, {'Connection', ignore}, {'Host', ignore},
{<<"Sec-Websocket-Key">>, ignore}, {<<"Sec-Websocket-Key">>, ignore},
{<<"Sec-Websocket-Version">>, <<"13">>}], {<<"Sec-Websocket-Version">>, <<"13">>},
{<<"Origin">>, get_origin()}],
F = fun ({Tag, Val}) -> F = fun ({Tag, Val}) ->
case lists:keyfind(Tag, 1, Headers) of case lists:keyfind(Tag, 1, Headers) of
@ -406,3 +407,6 @@ websocket_close(Socket, WsHandleLoopPid,
websocket_close(Socket, WsHandleLoopPid, SocketMode, _CloseCode) -> websocket_close(Socket, WsHandleLoopPid, SocketMode, _CloseCode) ->
WsHandleLoopPid ! closed, WsHandleLoopPid ! closed,
SocketMode:close(Socket). SocketMode:close(Socket).
get_origin() ->
ejabberd_config:get_option({websocket_origin, ejabberd_config:get_myname()}, ignore).