# HG changeset patch # User Kim Alvefur # Date 1613639130 -3600 # Node ID f9edf26c66fccd229ee660f74d317fd8a5b24476 # Parent 98b7ae7064b27a37df540becc2709a8b34e3f4c9 mod_websocket: Inherit security status from http request Allows requests considered secure becasue of a proxy header to carry over to the client session. mod_bosh does this too. diff -r 98b7ae7064b2 -r f9edf26c66fc plugins/mod_websocket.lua --- a/plugins/mod_websocket.lua Thu Feb 18 10:00:56 2021 +0100 +++ b/plugins/mod_websocket.lua Thu Feb 18 10:05:30 2021 +0100 @@ -266,7 +266,7 @@ -- See mod_http and #540 session.ip = request.ip; - session.secure = consider_websocket_secure or session.secure; + session.secure = consider_websocket_secure or request.secure or session.secure; session.websocket_request = request; session.open_stream = session_open_stream;