Giters

ostinelli / misultin

Misultin (pronounced mee-sool-téen) is an Erlang library for building fast lightweight HTTP(S) servers, which also supports websockets.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Websocket origin check inconsistent

RJ opened this issue · comments

commented

Looks like misultin_ws:get(origin) only uses the "Origin" header, which is correct for newer versions of the websocket protocol.

Older versions still rely on "Sec-Websocket-Origin"

I'm doing origin lookups like this in my code, because not all clients are sending an Origin: header yet:

case WS:get(origin) of
false ->
Headers = WS:get(headers),
proplists:get_value("Sec-Websocket-Origin", Headers, false);
Origin -> Origin
end

Would probably make sense for misultin_ws:get(origin) to take care of that.