[Http] Fixed bug in Origin check - browser may pass http://

Chris Boden 2013-08-05 16:23:38 -04:00
parent 4039a643ea
commit 6559aaf1d4


@ -31,7 +31,8 @@ class OriginCheck implements HttpServerInterface {
* {@inheritdoc} * {@inheritdoc}
*/ */
public function onOpen(ConnectionInterface $conn, RequestInterface $request = null) { public function onOpen(ConnectionInterface $conn, RequestInterface $request = null) {
$origin = (string)$request->getHeader('Origin'); $header = (string)$request->getHeader('Origin');
$origin = parse_url($header, PHP_URL_HOST) ?: $header;
if (!in_array($origin, $this->allowedOrigins)) { if (!in_array($origin, $this->allowedOrigins)) {
return $this->close($conn, 403); return $this->close($conn, 403);