
modules/websocket: Updated documentation and fixed typo in configuration file example

Peter Dunkley authored on 27/09/2012 15:29:03
Showing 3 changed files
... ...
@@ -135,7 +135,12 @@ event_route[xhttp:request] {
135 135
         set_reply_close();
136 136
         set_reply_no_connect();
137 137
 
138
-        if ($Rp != 80 && $Rp != 443) {
138
+        if ($Rp != 80
139
+#!ifdef WITH_TLS
140
+            && $Rp != 443
141
+#!endif
142
+        ) {
143
+
139 144
                 xlog("L_WARN", "HTTP request received on $Rp\n");
140 145
                 xhttp_reply("403", "Forbidden", "", "");
141 146
                 exit;
... ...
@@ -146,17 +151,25 @@ event_route[xhttp:request] {
146 151
         if ($hdr(Upgrade)=~"websocket"
147 152
                         && $hdr(Connection)=~"Upgrade"
148 153
                         && $rm=~"GET") {
149
-                xlog("L_DBG", "WebSocket\n");
150
-                xlog("L_DBG", " Host: $hdr(Host)\n");
151
-                xlog("L_DBG", " Origin: $hdr(Origin)\n");
152 154
 
153
-                if ($hdr(Host) == $null || !is_myself($hdr(Host))) {
155
+                # Validate Host - make sure the client is using the correct
156
+                # alias for WebSockets
157
+                if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
154 158
                         xlog("L_WARN", "Bad host $hdr(Host)\n");
155 159
                         xhttp_reply("403", "Forbidden", "", "");
156 160
                         exit;
157 161
                 }
158 162
 
159
-                # Optional... validate Origin
163
+                # Optional... validate Origin - make sure the client is from an
164
+                # authorised website.  For example,
165
+                #
166
+                # if ($hdr(Origin) != "http://communicator.MY_DOMAIN"
167
+                #     && $hdr(Origin) != "https://communicator.MY_DOMAIN") {
168
+                #       xlog("L_WARN", "Unauthorised client $hdr(Origin)\n");
169
+                #       xhttp_reply("403", "Forbidden", "", "");
170
+                #       exit;
171
+                # }
172
+
160 173
                 # Optional... perform HTTP authentication
161 174
 
162 175
                 # ws_handle_handshake() exits (no further configuration file
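Review bot: The Origin check added after the Host test (new lines 163-171) is only a commented-out example labelled "Optional", so a configuration copied from this file accepts a WebSocket handshake started by a page on any website; the comment should say that Origin validation is the handshake-level defence against cross-site WebSocket connections and should be enabled whenever browsers are the expected clients. The example also does not say what happens when Origin is absent, whereas the Host test above it handles `$null` explicitly; a line such as `# Non-browser clients may omit Origin - decide explicitly whether a missing header is accepted` would close that gap. It lists `http://communicator.MY_DOMAIN` next to the https origin, which is worth dropping from the example for sites served over TLS only. The same hunk appears unchanged in the second file (at -62,17 +67,25), and the event_route body continues outside both hunks.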
... ...
@@ -51,7 +51,12 @@ event_route[xhttp:request] {
51 51
         set_reply_close();
52 52
         set_reply_no_connect();
53 53
 
54
-        if ($Rp != 80 && $Rp != 443) {
54
+        if ($Rp != 80
55
+#!ifdef WITH_TLS
56
+            && $Rp != 443
57
+#!endif
58
+        ) {
59
+
55 60
                 xlog("L_WARN", "HTTP request received on $Rp\n");
56 61
                 xhttp_reply("403", "Forbidden", "", "");
57 62
                 exit;
... ...
@@ -62,17 +67,25 @@ event_route[xhttp:request] {
62 67
         if ($hdr(Upgrade)=~"websocket"
63 68
                         && $hdr(Connection)=~"Upgrade"
64 69
                         && $rm=~"GET") {
65
-                xlog("L_DBG", "WebSocket\n");
66
-                xlog("L_DBG", " Host: $hdr(Host)\n");
67
-                xlog("L_DBG", " Origin: $hdr(Origin)\n");
68 70
 
69
-                if ($hdr(Host) == $null || !is_myself($hdr(Host))) {
71
+                # Validate Host - make sure the client is using the correct
72
+                # alias for WebSockets
73
+                if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
70 74
                         xlog("L_WARN", "Bad host $hdr(Host)\n");
71 75
                         xhttp_reply("403", "Forbidden", "", "");
72 76
                         exit;
73 77
                 }
74 78
 
75
-                # Optional... validate Origin
79
+                # Optional... validate Origin - make sure the client is from an
80
+                # authorised website.  For example,
81
+                #
82
+                # if ($hdr(Origin) != "http://communicator.MY_DOMAIN"
83
+                #     && $hdr(Origin) != "https://communicator.MY_DOMAIN") {
84
+                #       xlog("L_WARN", "Unauthorised client $hdr(Origin)\n");
85
+                #       xhttp_reply("403", "Forbidden", "", "");
86
+                #       exit;
87
+                # }
88
+
76 89
                 # Optional... perform HTTP authentication
77 90
 
78 91
                 # ws_handle_handshake() exits (no further configuration file
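Review bot: The port test rewritten at new lines 54-58 has no comment explaining why 443 is accepted only under `WITH_TLS`, and a condition split by `#!ifdef` is easy to misread; a line above it such as `# HTTP is only expected on the WebSocket listeners: 80, and 443 when TLS is enabled` would help. The check identifies the listener by `$Rp` alone, so it presumably relies on 443 being bound only as a TLS socket, which is worth stating in that comment too. The added empty line after `) {` looks unintentional. The same construct is in the first file's hunk at -135,7 +135,12.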
... ...
@@ -355,7 +355,7 @@ event_route[xhttp:request] {
355 355
 		# processing of the request) when complete.
356 356
 		if (ws_handle_handshake())
357 357
 		{
358
-			# Optional... cache some information abou the
358
+			# Optional... cache some information about the
359 359
 			# successful connection
360 360
 			exit;
361 361
 		}