Websocket origin check inconsistent
RJ opened this issue · comments
Richard Jones commented
Looks like misultin_ws:get(origin) only uses the "Origin" header, which is correct for newer versions of the websocket protocol.
Older versions still rely on "Sec-Websocket-Origin"
I'm doing origin lookups like this in my code, because not all clients are sending an Origin: header yet:
case WS:get(origin) of
false ->
Headers = WS:get(headers),
proplists:get_value("Sec-Websocket-Origin", Headers, false);
Origin -> Origin
end
Would probably make sense for misultin_ws:get(origin) to take care of that.
Roberto Ostinelli commented
fixed 33ab595