Send 400 Bad Request if a WebSocket client doesn't send an origin.

author: Sadie Powell <sadie@witchery.services> 2021-05-07 16:09:02 +0100
committer: Sadie Powell <sadie@witchery.services> 2021-05-07 16:09:02 +0100
commit: 876d6d3afe5b936d585159b6c4f444aed808b5b6 (patch)
tree: cb29a7bd2f5b4c2d98c29a8485f015e7579dad95 /src/modules
parent: e4560ecec44e74cff7b31695114a3b52304beac3 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/src/modules/m_websocket.cpp b/src/modules/m_websocket.cpp
index da8bd382b..c7b7f6d4f 100644
--- a/src/modules/m_websocket.cpp
+++ b/src/modules/m_websocket.cpp
@@ -340,6 +340,11 @@ class WebSocketHook : public IOHookMiddle
 				}
 			}
 		}
+		else
+		{
+			FailHandshake(sock, "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "WebSocket: Received HTTP request that did not send the Origin header");
+			return -1;
+		}
 
 		if (!allowedorigin)
 		{
author	Sadie Powell <sadie@witchery.services>	2021-05-07 16:09:02 +0100
committer	Sadie Powell <sadie@witchery.services>	2021-05-07 16:09:02 +0100
commit	876d6d3afe5b936d585159b6c4f444aed808b5b6 (patch)
tree	cb29a7bd2f5b4c2d98c29a8485f015e7579dad95 /src/modules
parent	e4560ecec44e74cff7b31695114a3b52304beac3 (diff)