extend WebSocket origin check to allow APP_DOMAIN
gwimmel opened this issue · comments
I'm evaluating a self-hosted instance of Thunderdome on Azure Container Apps routed via an Azure Application Gateway.
This works if I set the APP_DOMAIN configuration correctly, only that the WebSocket origin check fails in this case, as without further configuration, the Host is set to the Container Apps Host and WebSocket Origin is set to the Host/Domain used on the Azure Application Gateway.
I'd suggest allowing the APP_DOMAIN in the origin check as well (but not sure if this would have any adverse side effects).
Looking at the Gorilla websocket library docs for the upgrader CheckOrigin function I think this would be fairly easy to implement.
Yes, shouldn't be very complicated. I could try and provide a PR, but it would probably clash with #532 ?