Tweak WebSocket header-processing (#6929)

* fix * consolidate code
author: Chris <ccbrown112@gmail.com> 2017-07-13 14:02:33 -0700
committer: Christopher Speller <crspeller@gmail.com> 2017-07-13 14:02:33 -0700
commit: 5c3c909c8541f26ae09577338d2302bed2a2f3a9 (patch)
tree: a6939d5db3dd8e2da3b2b4c971ef5d504832043f /api
parent: a1f17c1f8482f3c38e17cabe2365c76a1a2f32d4 (diff)
download: chat-5c3c909c8541f26ae09577338d2302bed2a2f3a9.tar.gz
chat-5c3c909c8541f26ae09577338d2302bed2a2f3a9.tar.bz2
chat-5c3c909c8541f26ae09577338d2302bed2a2f3a9.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/api/websocket_test.go b/api/websocket_test.go
index a65ebc02e..18e1a6426 100644
--- a/api/websocket_test.go
+++ b/api/websocket_test.go
@@ -362,6 +362,15 @@ func TestWebsocketOriginSecurity(t *testing.T) {
 		t.Fatal("Should have errored because Origin contain AllowCorsFrom")
 	}
 
+	// Should fail because non-matching CORS
+	*utils.Cfg.ServiceSettings.AllowCorsFrom = "http://www.good.com"
+	_, _, err = websocket.DefaultDialer.Dial(url+model.API_URL_SUFFIX_V3+"/users/websocket", http.Header{
+		"Origin": []string{"http://www.good.co"},
+	})
+	if err == nil {
+		t.Fatal("Should have errored because Origin does not match host! SECURITY ISSUE!")
+	}
+
 	*utils.Cfg.ServiceSettings.AllowCorsFrom = ""
 }
author	Chris <ccbrown112@gmail.com>	2017-07-13 14:02:33 -0700
committer	Christopher Speller <crspeller@gmail.com>	2017-07-13 14:02:33 -0700
commit	5c3c909c8541f26ae09577338d2302bed2a2f3a9 (patch)
tree	a6939d5db3dd8e2da3b2b4c971ef5d504832043f /api
parent	a1f17c1f8482f3c38e17cabe2365c76a1a2f32d4 (diff)
download	chat-5c3c909c8541f26ae09577338d2302bed2a2f3a9.tar.gz chat-5c3c909c8541f26ae09577338d2302bed2a2f3a9.tar.bz2 chat-5c3c909c8541f26ae09577338d2302bed2a2f3a9.zip