Add support for non-web WebSocket connections.

Closes #2066.
2025-03-09 10:39:02 -04:00 · 2024-05-23 14:22:11 +01:00 · 2024-05-23 14:22:11 +01:00 · 07d7535281
commit 07d7535281
parent 09e8670459
2 changed files with 20 additions and 2 deletions
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@ -2640,15 +2640,24 @@
 #              messages as raw binary frames, or "reject" to close
 #              connections which do not request a subprotocol. Defaults
 #              to "text".
+#
 # proxyranges: A space-delimited list of glob or CIDR matches to trust
 #              the X-Real-IP or X-Forwarded-For headers from. If enabled
 #              the server will use the IP address specified by those HTTP
 #              headers. You should NOT enable this unless you are using
 #              a HTTP proxy like nginx as it will allow IP spoofing.
-# nativeping:  Whether to check client connectivity using WebSocket ping
-#              messages instead of IRC ping messages. Defaults to yes.
+#
+# allowmissingorigin: Whether to allow connections from clients that
+#                     don't send an origin header. These are probably
+#                     not web clients so it probably safe to allow this.
+#                     Defaults to yes.
+#
+# nativeping: Whether to check client connectivity using WebSocket ping
+#             messages instead of IRC ping messages. Defaults to yes.
+#
 #<websocket defaultmode="text"
 #           proxyranges="192.0.2.0/24 198.51.100.*"
+#           allowmissingorigin="yes"
 #           nativeping="yes">
 #
 # If you use the websocket module you MUST specify one or more origins
--- a/src/modules/m_websocket.cpp
+++ b/src/modules/m_websocket.cpp
@ -58,6 +58,9 @@ struct WebSocketConfig final
 	// The IP ranges which send trustworthy X-Real-IP or X-Forwarded-For headers.
 	ProxyRanges proxyranges;

+	// Whether to allow connections from clients that do not send an Origin header.
+	bool allowmissingorigin;
+
 	// Whether to send WebSocket ping messages instead of IRC ping messages.
 	bool nativeping;
 };
@ -400,6 +403,11 @@ class WebSocketHook final
 				}
 			}
 		}
+		else if (config.allowmissingorigin)
+		{
+			// This is a non-web WebSocket connection.
+			allowedorigin = true;
+		}
 		else
 		{
 			FailHandshake(sock, "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "WebSocket: Received HTTP request that did not send the Origin header");
@ -662,6 +670,7 @@ public:
 		for (std::string proxyrange; proxyranges.GetToken(proxyrange); )
 			config.proxyranges.push_back(proxyrange);

+		config.allowmissingorigin = tag->getBool("allowmissingorigin", true);
 		config.nativeping = tag->getBool("nativeping", true);

 		// Everything is okay; apply the new config.