Validate Origin of browser dialer page
Fix https://github.com/XTLS/Xray-core/issues/3236
This commit is contained in:
parent
548646fb06
commit
571b67a016
|
@ -21,6 +21,7 @@ const (
|
|||
|
||||
BufferSize = "xray.ray.buffer.size"
|
||||
BrowserDialerAddress = "xray.browser.dialer"
|
||||
BrowserDialerOrigin = "xray.browser.dialer.origin"
|
||||
XUDPLog = "xray.xudp.show"
|
||||
XUDPBaseKey = "xray.xudp.basekey"
|
||||
)
|
||||
|
|
|
@ -26,18 +26,32 @@ var conns chan *websocket.Conn
|
|||
|
||||
func init() {
|
||||
addr := platform.NewEnvFlag(platform.BrowserDialerAddress).GetValue(func() string { return "" })
|
||||
if addr != "" {
|
||||
|
||||
if addr != "" {
|
||||
allowedOrigin := platform.NewEnvFlag(platform.BrowserDialerOrigin).GetValue(func() string { return "http://" + addr })
|
||||
|
||||
conns = make(chan *websocket.Conn, 256)
|
||||
go http.ListenAndServe(addr, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.URL.Path == "/websocket" {
|
||||
if conn, err := upgrader.Upgrade(w, r, nil); err == nil {
|
||||
conns <- conn
|
||||
} else {
|
||||
newError("Browser dialer http upgrade unexpected error").AtError().WriteToLog()
|
||||
}
|
||||
} else {
|
||||
w.Write(webpage)
|
||||
}
|
||||
if r.URL.Path != "/websocket" {
|
||||
w.Write(webpage)
|
||||
return
|
||||
}
|
||||
|
||||
origin := r.Header.Get("origin")
|
||||
|
||||
if origin != allowedOrigin {
|
||||
newError("Browser dialer unexpected origin: " + origin + " if this is the expected origin, set XRAY_BROWSER_DIALER_ORIGIN").AtError().WriteToLog()
|
||||
return
|
||||
}
|
||||
|
||||
conn, err := upgrader.Upgrade(w, r, nil)
|
||||
|
||||
if err != nil {
|
||||
newError("Browser dialer http upgrade unexpected error").AtError().WriteToLog()
|
||||
return
|
||||
}
|
||||
|
||||
conns <- conn
|
||||
}))
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue