raystack/raccoon

Websocket Checkorigin is wrongly implemented

NNcrawler opened this issue · 0 comments

Problem

SERVER_WEBSOCKET_CHECK_ORIGIN should not check the origin when set to false. It should check the origin and reject the connection if it violates CORS when set to true.
Currently, it rejects every connection when set to false and accepts every connection when set to true.

Root Cause

In this line, the checkOrigin function is overridden and returns true or false depending on the SERVER_WEBSOCKET_CHECK_ORIGIN value.

Solution

The toggle should be used to toggle the checkOrigin function. A false value should map to a custom CheckOrigin function which always returns true. A true value should map to a nil CheckOrigin function, which will lead to the default checkOrigin function being used.
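
An added Go sketch (not code from the raccoon repository) that contrasts the reported wiring with the proposed one on a cross-origin handshake. The function names, the `sameOrigin` stand-in for the WebSocket library's default check, and the example.test hosts are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// sameOrigin stands in for the library default (assumed): allow when Origin is absent or its host equals Host.
func sameOrigin(r *http.Request) bool {
	origin := r.Header.Get("Origin")
	if origin == "" {
		return true
	}
	u, err := url.Parse(origin)
	return err == nil && strings.EqualFold(u.Host, r.Host)
}

// buggyHook reproduces the reported behaviour: the hook returns the flag itself.
func buggyHook(checkOrigin bool) func(*http.Request) bool {
	return func(*http.Request) bool { return checkOrigin }
}

// fixedHook follows the proposed solution: nil (library default) when checking is on, allow-all when off.
func fixedHook(checkOrigin bool) func(*http.Request) bool {
	if checkOrigin {
		return nil
	}
	return func(*http.Request) bool { return true }
}

// allowed runs a constructed handshake (Host, Origin) through the hook, using sameOrigin when the hook is nil.
func allowed(hook func(*http.Request) bool, host, origin string) bool {
	r := httptest.NewRequest(http.MethodGet, "http://"+host+"/ws", nil)
	r.Header.Set("Origin", origin)
	if hook == nil {
		return sameOrigin(r)
	}
	return hook(r)
}

func main() {
	for _, on := range []bool{false, true} {
		fmt.Println("check:", on, "buggy:", allowed(buggyHook(on), "events.example.test", "https://other.example.test"),
			"fixed:", allowed(fixedHook(on), "events.example.test", "https://other.example.test"))
	}
}
```

With the flag set to true, the buggy hook admits the cross-origin handshake while the fixed wiring rejects it and still admits a same-origin one.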