Software / code / prosody
Diff
plugins/mod_websocket.lua @ 10325:f2bbad04cf64
mod_websocket: Guard against upgrading to websocket from a HEAD request
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 12 Oct 2019 19:16:43 +0200 |
| parent | 10111:0f335815244f |
| child | 10582:6d4562acef81 |
line wrap: on
line diff
--- a/plugins/mod_websocket.lua Sat Oct 12 18:27:54 2019 +0200 +++ b/plugins/mod_websocket.lua Sat Oct 12 19:16:43 2019 +0200 @@ -136,7 +136,7 @@ conn.starttls = false; -- Prevent mod_tls from believing starttls can be done - if not request.headers.sec_websocket_key then + if not request.headers.sec_websocket_key or request.method ~= "GET" then response.headers.content_type = "text/html"; return [[<!DOCTYPE html><html><head><title>Websocket</title></head><body> <p>It works! Now point your WebSocket client to this URL to connect to Prosody.</p>
