Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Optionally check origin for WebSockets connection #452

Closed
wants to merge 2 commits into from
Closed

Optionally check origin for WebSockets connection #452

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ce16be5
Optionally check origin for WebSockets connection
buybackoff May 26, 2016
dffc4be
Add a lens, remove braces, use ToLowerInvariant()
buybackoff May 27, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions examples/WebSocket/Program.fs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ open Suave.Files
open Suave.RequestErrors
open Suave.Logging
open Suave.Utils

open Suave.CORS
open System
open System.Net

Expand All @@ -33,9 +33,11 @@ let echo (webSocket : WebSocket) =
| _ -> ()
}

let corsConfig = { defaultCORSConfig with allowedUris = InclusiveOption.Some [ "http://localhost:8083" ]; checkWebSocketOrigin = false }

let app : WebPart =
choose [
path "/websocket" >=> handShake echo
path "/websocket" >=> cors corsConfig >=> handShake echo
GET >=> choose [ path "/" >=> file "index.html"; browseHome ];
NOT_FOUND "Found no handlers."
]
Expand Down
14 changes: 10 additions & 4 deletions src/Suave/Combinators.fs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -790,13 +790,17 @@ module CORS =
exposeHeaders : bool

/// Max age in seconds the user agent is allowed to cache the result of the request.
maxAge : int option }
maxAge : int option

/// Should WebSocket connections be checked for origin?
checkWebSocketOrigin : bool }
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need a lens to go with it

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is a lens and where is an example how to add it?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just below, all the static methods


static member allowedUris_ = Property<CORSConfig,_> (fun x -> x.allowedUris) (fun v x -> { x with allowedUris = v })
static member allowedMethods_ = Property<CORSConfig,_> (fun x -> x.allowedMethods) (fun v x -> { x with allowedMethods = v })
static member allowCookies_ = Property<CORSConfig,_> (fun x -> x.allowCookies) (fun v x -> { x with allowCookies = v })
static member exposeHeaders_ = Property<CORSConfig,_> (fun x -> x.exposeHeaders) (fun v x -> { x with exposeHeaders = v })
static member maxAge_ = Property<CORSConfig,_> (fun x -> x.maxAge) (fun v x -> { x with maxAge = v })
static member checkWebSocketOrigin_ = Property<CORSConfig,_> (fun x -> x.checkWebSocketOrigin) (fun v x -> { x with checkWebSocketOrigin = v })

let private isAllowedOrigin config (value : string) =
match config.allowedUris with
Expand Down Expand Up @@ -878,7 +882,7 @@ module CORS =

| Choice2Of2 _ ->
succeed ctx

| _ ->
if allowedOrigin then
let composed =
Expand All @@ -888,7 +892,8 @@ module CORS =
>=> setAllowMethodsHeader config "*"
composed ctx
else
succeed ctx // No headers will be sent. Browser will deny.
if config.checkWebSocketOrigin && (req.header "upgrade" |> Choice.map (fun s -> s.ToLowerInvariant()) = Choice1Of2 "websocket") then fail
else succeed ctx // No headers will be sent. Browser will deny.

| Choice2Of2 _ ->
succeed ctx // Not a CORS request
Expand All @@ -899,4 +904,5 @@ module CORS =
allowedMethods = InclusiveOption.All
allowCookies = true
exposeHeaders = true
maxAge = None }
maxAge = None
checkWebSocketOrigin = false }
5 changes: 4 additions & 1 deletion src/Suave/Combinators.fsi
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1575,7 +1575,10 @@ module CORS =
exposeHeaders : bool

/// Max age in seconds the user agent is allowed to cache the result of the request.
maxAge : int option }
maxAge : int option

/// Should WebSocket connections be checked for origin?
checkWebSocketOrigin : bool }

static member allowedUris_ : Property<CORSConfig, InclusiveOption<string list>>
static member allowedMethods_ : Property<CORSConfig, InclusiveOption<HttpMethod list>>
Expand Down
2 changes: 1 addition & 1 deletion src/Suave/WebSocket.fs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -199,7 +199,7 @@ module WebSocket =
let r = ctx.request
if r.``method`` <> HttpMethod.GET then
return! RequestErrors.METHOD_NOT_ALLOWED "Method not allowed" ctx
elif r.header "upgrade" |> Choice.map (fun s -> s.ToLower()) <> Choice1Of2 "websocket" then
elif r.header "upgrade" |> Choice.map (fun s -> s.ToLowerInvariant()) <> Choice1Of2 "websocket" then
return! RequestErrors.BAD_REQUEST "Bad Request" ctx
else
match r.header "connection" with
Expand Down