Before I add my code and explain my problem thoroughly, I thought I'd first ask if there was a way to turn off masking for incoming messages from Clients?

I accept connections using:

server.accept().ok()?.accept().expect("Unable to accept")
(Where server is of type Server)
which in returns
Ok(Client::unchecked(stream, self.headers, false, true)), forcing in_mask to be true.

I can't find a way around this, so any help would be appreciated

Why do you need unmasked messages? Isn't presense of masking regulated by the RFC?

Some of the clients that connect are in c++, and they do not mask messages. It's not an option to change the clients unfortunately

Do other WebSocket server libraries allow such unmasked messages?

I have not picked it up with any other libraries, except CivetWeb

Oh I might've misunderstood your question. I previously used aiohttp and it had no problems with the C++ clients.

Do you think this use case (unmasked data frames from clients) is popular enough to warrant it to be an upstream feature, not just a pecularity of a private fork of the library?

I have absolutely no idea. If I'm the first person with this need, I would guess not. Maybe someone with more experience with other websocket libraries would know

Requiring client-originating frames to be masked is somewhat a security feature that prevents misuse of WebSockets to connect to non-Websocket servers.

Proliferation of servers accepting unmasked frames from clients can influence browsers (or other WebSocket clients where untrusted party can choose WebSocket connection destination) to emit such unmasked frames, which in turn may lead to WebSockets being misused to connect to IRC, e-mail and other unexpected endpoints, eroding the WebSocket security model.

Okay, I'll close this issue then. I've solved it by forking and removing the masking check in dataframe::read_dataframe_body.