diff options
| author | Chris <ccbrown112@gmail.com> | 2017-07-13 14:02:33 -0700 |
|---|---|---|
| committer | Christopher Brown <ccbrown112@gmail.com> | 2017-07-13 18:48:07 -0700 |
| commit | a18479df0940be8503c9b88993490741793eba9e (patch) | |
| tree | d839053025bc9705659fc89d96360792f8a16d72 /api | |
| parent | 764ff4cb64eb86c87a28a076eed28d8778f194d6 (diff) | |
| download | chat-a18479df0940be8503c9b88993490741793eba9e.tar.gz chat-a18479df0940be8503c9b88993490741793eba9e.tar.bz2 chat-a18479df0940be8503c9b88993490741793eba9e.zip | |
Tweak WebSocket header-processing (#6929)
* fix
* consolidate code
Diffstat (limited to 'api')
| -rw-r--r-- | api/websocket_test.go | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/api/websocket_test.go b/api/websocket_test.go index a65ebc02e..18e1a6426 100644 --- a/api/websocket_test.go +++ b/api/websocket_test.go @@ -362,6 +362,15 @@ func TestWebsocketOriginSecurity(t *testing.T) { t.Fatal("Should have errored because Origin contain AllowCorsFrom") } + // Should fail because non-matching CORS + *utils.Cfg.ServiceSettings.AllowCorsFrom = "http://www.good.com" + _, _, err = websocket.DefaultDialer.Dial(url+model.API_URL_SUFFIX_V3+"/users/websocket", http.Header{ + "Origin": []string{"http://www.good.co"}, + }) + if err == nil { + t.Fatal("Should have errored because Origin does not match host! SECURITY ISSUE!") + } + *utils.Cfg.ServiceSettings.AllowCorsFrom = "" } |