diff options
author | Joram Wilander <jwawilander@gmail.com> | 2018-07-30 17:21:57 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-07-30 17:21:57 -0400 |
commit | cff9ac0df84aad2ad3a3411985c2ddc20e3b4963 (patch) | |
tree | ccccb79c286b083a3e8cc85bb176817db832af11 /app/server.go | |
parent | de1ce2373d4fc924c69c0f3fd47d474dab7e195f (diff) | |
download | chat-cff9ac0df84aad2ad3a3411985c2ddc20e3b4963.tar.gz chat-cff9ac0df84aad2ad3a3411985c2ddc20e3b4963.tar.bz2 chat-cff9ac0df84aad2ad3a3411985c2ddc20e3b4963.zip |
Add siteURL to WS origin check (#9183)
* Add siteURL to WS origin check
* Handle subpath
* Only add site URL if not *
Diffstat (limited to 'app/server.go')
-rw-r--r-- | app/server.go | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/app/server.go b/app/server.go index 6b2e244d8..0c579593e 100644 --- a/app/server.go +++ b/app/server.go @@ -11,6 +11,7 @@ import ( "io/ioutil" "net" "net/http" + "net/url" "os" "strings" "time" @@ -248,6 +249,14 @@ func (a *App) StopServer() { func (a *App) OriginChecker() func(*http.Request) bool { if allowed := *a.Config().ServiceSettings.AllowCorsFrom; allowed != "" { + if allowed != "*" { + siteURL, err := url.Parse(*a.Config().ServiceSettings.SiteURL) + if err == nil { + siteURL.Path = "" + allowed += " " + siteURL.String() + } + } + return utils.OriginChecker(allowed) } return nil |