Require WebSocket origins to be whitelisted in order to connect.

Fixes #1281.
author: Peter Powell <petpow@saberuk.com> 2018-10-10 16:45:35 +0100
committer: Peter Powell <petpow@saberuk.com> 2018-10-10 16:45:35 +0100
commit: 553877f7a9eff26166dfa4d953d6f69f9420de28 (patch)
tree: 657c30e461522f721613879b2bf4eae5d8b3a7f1 /docs
parent: 23090cb7e416cf5196bb79e8a99e43dfc2e56a4c (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example
index 8a22a8c71..72f295cc5 100644
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@@ -2167,6 +2167,12 @@
 # WebSocket connections. Compatible with SSL/TLS.
 # Requires SHA-1 hash support available in the sha1 module.
 #<module name="websocket">
+#
+# If you use the websocket module you MUST specify one or more origins
+# which are allowed to connect to the server. You should set this as
+# strict as possible to prevent malicious webpages from connecting to
+# your server.
+# <wsorigin allow="https://webchat.example.com/*">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # XLine database: Stores all *Lines (G/Z/K/R/any added by other modules)
author	Peter Powell <petpow@saberuk.com>	2018-10-10 16:45:35 +0100
committer	Peter Powell <petpow@saberuk.com>	2018-10-10 16:45:35 +0100
commit	553877f7a9eff26166dfa4d953d6f69f9420de28 (patch)
tree	657c30e461522f721613879b2bf4eae5d8b3a7f1 /docs
parent	23090cb7e416cf5196bb79e8a99e43dfc2e56a4c (diff)