IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity

PLT-6393: Fix Websocket CORS header check. (#6335)

Browse Source
This commit is contained in:
George Goldberg
2017-05-04 22:21:28 +01:00
committed by Joram Wilander
parent 010ec23af3
commit 85c2d5a478
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
api/websocket_test.go
View File

@@ -345,7 +345,7 @@ func TestWebsocketOriginSecurity(t *testing.T) {
}
// Should succeed now because matching CORS
*utils.Cfg.ServiceSettings.AllowCorsFrom = "www.evil.com"
*utils.Cfg.ServiceSettings.AllowCorsFrom = "http://www.evil.com"
_, _, err = websocket.DefaultDialer.Dial(url+model.API_URL_SUFFIX_V3+"/users/websocket", http.Header{
"Origin": []string{"http://www.evil.com"},
})
@@ -354,7 +354,7 @@ func TestWebsocketOriginSecurity(t *testing.T) {
}
// Should fail because non-matching CORS
*utils.Cfg.ServiceSettings.AllowCorsFrom = "www.good.com"
*utils.Cfg.ServiceSettings.AllowCorsFrom = "http://www.good.com"
_, _, err = websocket.DefaultDialer.Dial(url+model.API_URL_SUFFIX_V3+"/users/websocket", http.Header{
"Origin": []string{"http://www.evil.com"},
})