Software / code / prosody
Changeset
10325:f2bbad04cf64
mod_websocket: Guard against upgrading to websocket from a HEAD request
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 12 Oct 2019 19:16:43 +0200 |
| parents | 10324:3f4c25425589 |
| children | 10326:cd1c73c2bdec |
| files | plugins/mod_websocket.lua |
| diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_websocket.lua Sat Oct 12 18:27:54 2019 +0200 +++ b/plugins/mod_websocket.lua Sat Oct 12 19:16:43 2019 +0200 @@ -136,7 +136,7 @@ conn.starttls = false; -- Prevent mod_tls from believing starttls can be done - if not request.headers.sec_websocket_key then + if not request.headers.sec_websocket_key or request.method ~= "GET" then response.headers.content_type = "text/html"; return [[<!DOCTYPE html><html><head><title>Websocket</title></head><body> <p>It works! Now point your WebSocket client to this URL to connect to Prosody.</p>
