From 876d6d3afe5b936d585159b6c4f444aed808b5b6 Mon Sep 17 00:00:00 2001
From: Sadie Powell <sadie@witchery.services>
Date: Fri, 7 May 2021 16:09:02 +0100
Subject: Send 400 Bad Request if a WebSocket client doesn't send an origin.

---
 src/modules/m_websocket.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/modules/m_websocket.cpp b/src/modules/m_websocket.cpp
index da8bd382b..c7b7f6d4f 100644
--- a/src/modules/m_websocket.cpp
+++ b/src/modules/m_websocket.cpp
@@ -340,6 +340,11 @@ class WebSocketHook : public IOHookMiddle
 				}
 			}
 		}
+		else
+		{
+			FailHandshake(sock, "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "WebSocket: Received HTTP request that did not send the Origin header");
+			return -1;
+		}
 
 		if (!allowedorigin)
 		{
-- 
cgit v1.2.3