#730 bug(websockets): not properly checked request originv2.3.1-beta.3

#730 bug(websockets): not properly checked request origin
author: Valery Piashchynski <[email protected]> 2021-06-16 15:53:40 +0300
committer: GitHub <[email protected]> 2021-06-16 15:53:40 +0300
commit: 25e0841c6aa5e2686da5b9f74e3d77d3814ff592 (patch)
tree: 5b7c5259375d53b0685bf838555118d5ad93f149 /plugins/websockets/origin.go
parent: 9dc98d43b0c0de3e1e1bd8fdc97c122c7c7c594f (diff)
parent: b1aa5d0ea3617710aec6476bdae956e16b946281 (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/plugins/websockets/origin.go b/plugins/websockets/origin.go
new file mode 100644
index 00000000..c6d9c9b8
--- /dev/null
+++ b/plugins/websockets/origin.go
@@ -0,0 +1,28 @@
+package websockets
+
+import (
+	"strings"
+)
+
+func isOriginAllowed(origin string, cfg *Config) bool {
+	if cfg.allowedAll {
+		return true
+	}
+
+	origin = strings.ToLower(origin)
+	// simple case
+	origin = strings.ToLower(origin)
+	for _, o := range cfg.allowedOrigins {
+		if o == origin {
+			return true
+		}
+	}
+	// check wildcards
+	for _, w := range cfg.allowedWOrigins {
+		if w.match(origin) {
+			return true
+		}
+	}
+
+	return false
+}
author	Valery Piashchynski <[email protected]>	2021-06-16 15:53:40 +0300
committer	GitHub <[email protected]>	2021-06-16 15:53:40 +0300
commit	25e0841c6aa5e2686da5b9f74e3d77d3814ff592 (patch)
tree	5b7c5259375d53b0685bf838555118d5ad93f149 /plugins/websockets/origin.go
parent	9dc98d43b0c0de3e1e1bd8fdc97c122c7c7c594f (diff)
parent	b1aa5d0ea3617710aec6476bdae956e16b946281 (diff)