mod_websocket: Inherit security status from http request Allows requests considered secure becasue of a proxy header to carry over to the client session. mod_bosh does this too.

author: Kim Alvefur <zash@zash.se>
date: Thu, 18 Feb 2021 10:05:30 +0100
parent: 11114:6a608ecb3471
child: 11393:e6122e6a40a0
--- a/plugins/mod_websocket.lua	Thu Feb 18 10:00:56 2021 +0100
+++ b/plugins/mod_websocket.lua	Thu Feb 18 10:05:30 2021 +0100
@@ -266,7 +266,7 @@
 	-- See mod_http and #540
 	session.ip = request.ip;
 
-	session.secure = consider_websocket_secure or session.secure;
+	session.secure = consider_websocket_secure or request.secure or session.secure;
 	session.websocket_request = request;
 
 	session.open_stream = session_open_stream;