mod_websocket: Guard against upgrading to websocket from a HEAD request
authorKim Alvefur <zash@zash.se>
Sat, 12 Oct 2019 19:16:43 +0200
changeset 10329 f2bbad04cf64
parent 10328 3f4c25425589
child 10330 cd1c73c2bdec
mod_websocket: Guard against upgrading to websocket from a HEAD request
plugins/mod_websocket.lua
--- a/plugins/mod_websocket.lua	Sat Oct 12 18:27:54 2019 +0200
+++ b/plugins/mod_websocket.lua	Sat Oct 12 19:16:43 2019 +0200
@@ -136,7 +136,7 @@
 
 	conn.starttls = false; -- Prevent mod_tls from believing starttls can be done
 
-	if not request.headers.sec_websocket_key then
+	if not request.headers.sec_websocket_key or request.method ~= "GET" then
 		response.headers.content_type = "text/html";
 		return [[<!DOCTYPE html><html><head><title>Websocket</title></head><body>
 			<p>It works! Now point your WebSocket client to this URL to connect to Prosody.</p>
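Review bot: The widened condition on the `if` line answers a request that carries `Sec-WebSocket-Key` but uses the wrong method with the same 200 "It works!" page as an ordinary browser visit, so a malformed handshake is indistinguishable from a plain page view in the response and in logs. RFC 6455 requires the opening handshake to be a GET, so refusing the upgrade is correct. Consider handling the method case separately with an error status, e.g. `if request.method ~= "GET" then return 405; end`, assuming this handler may return a numeric status; the function starts and ends outside the hunk, so confirm against the rest of it. A short comment above the check, such as `-- RFC 6455: the opening handshake must be a GET; never upgrade on HEAD`, would record why the method is tested. Only the key and the method are checked in the visible lines, so it is worth confirming that the code after the hunk validates the `Upgrade` header and `Sec-WebSocket-Version` before switching protocols.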