StevenWeathers / thunderdome-planning-poker

⚡ Thunderdome is an open source agile planning poker, sprint retro, and story mapping tool

Home Page:https://thunderdome.dev

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

extend WebSocket origin check to allow APP_DOMAIN

gwimmel opened this issue · comments

I'm evaluating a self-hosted instance of Thunderdome on Azure Container Apps routed via an Azure Application Gateway.
This works if I set the APP_DOMAIN configuration correctly, only that the WebSocket origin check fails in this case, as without further configuration, the Host is set to the Container Apps Host and WebSocket Origin is set to the Host/Domain used on the Azure Application Gateway.

I'd suggest allowing the APP_DOMAIN in the origin check as well (but not sure if this would have any adverse side effects).

Looking at the Gorilla websocket library docs for the upgrader CheckOrigin function I think this would be fairly easy to implement.

Yes, shouldn't be very complicated. I could try and provide a PR, but it would probably clash with #532 ?

Yes, shouldn't be very complicated. I could try and provide a PR, but it would probably clash with #532 ?

Feel free to give it a shot, I'm not going to work on #532 right away as I have other things I'd like to get done before then unrelated to the websockets.