diff --git a/README b/README
index b6dcdcc..c297f05 100644
--- a/README
+++ b/README
@@ -74,6 +74,9 @@ The fields are as follows:
 - `admin` defines the users allowed to look at the `/stats.html` file; it has the same syntax as user definitions in groups (see below).
+- `publicServer`: if true, then cross-origin access to the server is
+ allowed. This is safe if the server is on the public Internet, but not
+ necessarily so if it is on a private network.
 - `proxyURL`: if running behind a reverse proxy, this specifies the address of the proxy.
 - `canonicalHost`: the canonical name of the host running the server; this
diff --git a/group/group.go b/group/group.go
index accedaa..ff76b26 100644
--- a/group/group.go
+++ b/group/group.go
@@ -854,6 +854,7 @@ type Configuration struct {
 modTime time.Time `json:"-"`
 fileSize int64 `json:"-"`
+ PublicServer bool `json:"publicServer"`
 CanonicalHost string `json:"canonicalHost"`
 ProxyURL string `json:"proxyURL"`
 Admin []ClientPattern `json:"admin"`
diff --git a/webserver/webserver.go b/webserver/webserver.go
index 3b1d21c..01bab76 100644
--- a/webserver/webserver.go
+++ b/webserver/webserver.go
@@ -479,8 +479,26 @@ var wsUpgrader = websocket.Upgrader{
 HandshakeTimeout: 30 * time.Second,
 }
+var wsPublicUpgrader = websocket.Upgrader{
+ HandshakeTimeout: 30 * time.Second,
+ CheckOrigin: func(r *http.Request) bool {
+ return true
+ },
+}
+
 func wsHandler(w http.ResponseWriter, r *http.Request) {
- conn, err := wsUpgrader.Upgrade(w, r, nil)
+ conf, err := group.GetConfiguration()
+ if err != nil {
+ http.Error(w, "Internal server error",
+ http.StatusInternalServerError)
+ return
+ }
+ upgrader := wsUpgrader
+ if conf.PublicServer {
+ upgrader = wsPublicUpgrader
+ }
+
+ conn, err := upgrader.Upgrade(w, r, nil)
 if err != nil {
 log.Printf("Websocket upgrade: %v", err)
 return
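Review bot: `PublicServer` is added to `Configuration` without a comment, although the webserver.go hunk of this commit uses it to switch the websocket handler to an upgrader that accepts any Origin. A field comment such as `// PublicServer disables the websocket Origin check; leave false unless cross-origin access is intended.` would keep that consequence visible where the configuration is defined. The zero value keeps the origin check on, which is the right default and worth preserving if the field is ever renamed or inverted. The struct begins and ends outside the hunk.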
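Review bot: `wsPublicUpgrader`'s `CheckOrigin` returns true for every request, so with `publicServer` set the handshake accepts a connection initiated by any web page, and nothing in the hunk records why that is acceptable. It is only safe if clients are authenticated inside the websocket protocol and never by cookies, HTTP auth or network position, which the hunk does not show; I would state that above the variable, e.g. `// wsPublicUpgrader accepts any Origin; safe only because clients authenticate in-band, never by cookie or network location.` The new error path also discards `err` from `group.GetConfiguration()`, so a broken configuration shows up only as a 500 to the client; a `log.Printf("Get configuration: %v", err)` before `http.Error` would match the upgrade-failure logging a few lines below. wsHandler's body continues past the end of the hunk.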