Add siteURL to WS origin check (#9183)

* Add siteURL to WS origin check * Handle subpath * Only add site URL if not *
author: Joram Wilander <jwawilander@gmail.com> 2018-07-30 17:21:57 -0400
committer: GitHub <noreply@github.com> 2018-07-30 17:21:57 -0400
commit: cff9ac0df84aad2ad3a3411985c2ddc20e3b4963 (patch)
tree: ccccb79c286b083a3e8cc85bb176817db832af11 /app/server.go
parent: de1ce2373d4fc924c69c0f3fd47d474dab7e195f (diff)
download: chat-cff9ac0df84aad2ad3a3411985c2ddc20e3b4963.tar.gz
chat-cff9ac0df84aad2ad3a3411985c2ddc20e3b4963.tar.bz2
chat-cff9ac0df84aad2ad3a3411985c2ddc20e3b4963.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/app/server.go b/app/server.go
index 6b2e244d8..0c579593e 100644
--- a/app/server.go
+++ b/app/server.go
@@ -11,6 +11,7 @@ import (
 	"io/ioutil"
 	"net"
 	"net/http"
+	"net/url"
 	"os"
 	"strings"
 	"time"
@@ -248,6 +249,14 @@ func (a *App) StopServer() {
 
 func (a *App) OriginChecker() func(*http.Request) bool {
 	if allowed := *a.Config().ServiceSettings.AllowCorsFrom; allowed != "" {
+		if allowed != "*" {
+			siteURL, err := url.Parse(*a.Config().ServiceSettings.SiteURL)
+			if err == nil {
+				siteURL.Path = ""
+				allowed += " " + siteURL.String()
+			}
+		}
+
 		return utils.OriginChecker(allowed)
 	}
 	return nil
author	Joram Wilander <jwawilander@gmail.com>	2018-07-30 17:21:57 -0400
committer	GitHub <noreply@github.com>	2018-07-30 17:21:57 -0400
commit	cff9ac0df84aad2ad3a3411985c2ddc20e3b4963 (patch)
tree	ccccb79c286b083a3e8cc85bb176817db832af11 /app/server.go
parent	de1ce2373d4fc924c69c0f3fd47d474dab7e195f (diff)
download	chat-cff9ac0df84aad2ad3a3411985c2ddc20e3b4963.tar.gz chat-cff9ac0df84aad2ad3a3411985c2ddc20e3b4963.tar.bz2 chat-cff9ac0df84aad2ad3a3411985c2ddc20e3b4963.zip