Add origin checks to web sockets (#6048)

* Move splitOnFirstEquals to util I will be making use of this to parse the forwarded header. * Type splitOnFirstEquals with two items Also add some test cases. * Check origin header on web sockets * Update changelog with origin check * Fix web sockets not closing with error code
2026-05-05 12:05:18 +02:00 · 2023-03-03 09:12:34 +00:00
parent a47cd81d8c
commit d477972c68
17 changed files with 354 additions and 102 deletions
--- a/src/node/routes/pathProxy.ts
+++ b/src/node/routes/pathProxy.ts
@@ -3,7 +3,7 @@ import * as path from "path"
 import * as qs from "qs"
 import * as pluginapi from "../../../typings/pluginapi"
 import { HttpCode, HttpError } from "../../common/http"
-import { authenticated, ensureAuthenticated, redirect, self } from "../http"
+import { authenticated, ensureAuthenticated, ensureOrigin, redirect, self } from "../http"
 import { proxy as _proxy } from "../proxy"

 const getProxyTarget = (req: Request, passthroughPath?: boolean): string => {
@@ -50,6 +50,7 @@ export async function wsProxy(
    passthroughPath?: boolean
  },
 ): Promise<void> {
+  ensureOrigin(req)
  await ensureAuthenticated(req)
  _proxy.ws(req, req.ws, req.head, {
    ignorePath: true,