Validate Origin header for WebSocket requests

Max Goodhart
2020-07-02 13:54:50 -07:00
parent c9c84d7530
commit aaac169a58


@@ -15,6 +15,7 @@ import websocket from 'koa-easy-ws'
const webDistPath = path.join(app.getAppPath(), 'web') const webDistPath = path.join(app.getAppPath(), 'web')
function initApp({ username, password, baseURL, getInitialState, onMessage }) { function initApp({ username, password, baseURL, getInitialState, onMessage }) {
const expectedOrigin = new URL(baseURL).origin
const sockets = new Set() const sockets = new Set()
const app = new Koa() const app = new Koa()
@@ -38,6 +39,11 @@ function initApp({ username, password, baseURL, getInitialState, onMessage }) {
app.use( app.use(
route.get('/ws', async (ctx) => { route.get('/ws', async (ctx) => {
if (ctx.ws) { if (ctx.ws) {
if (ctx.headers.origin !== expectedOrigin) {
ctx.status = 403
return
}
const ws = await ctx.ws() const ws = await ctx.ws()
sockets.add(ws) sockets.add(ws)