diff options
| author | adamliesko <adamliesko@gmail.com> | 2015-12-05 22:58:31 +0100 |
|---|---|---|
| committer | adamliesko <adamliesko@gmail.com> | 2015-12-12 23:14:49 +0100 |
| commit | 09e10ef643f00c6b4c5877438ed50d2a5f199522 (patch) | |
| tree | 6c8930ff72a0bfa1dfc0474df9a0657b15dae3d0 /lib/action_cable/connection/base.rb | |
| parent | c362beab2edd3dcae248dfaaaf3e0dee12baafa8 (diff) | |
| download | rails-09e10ef643f00c6b4c5877438ed50d2a5f199522.tar.gz rails-09e10ef643f00c6b4c5877438ed50d2a5f199522.tar.bz2 rails-09e10ef643f00c6b4c5877438ed50d2a5f199522.zip | |
Allow regexp for a allowed_request_origins array
Diffstat (limited to 'lib/action_cable/connection/base.rb')
| -rw-r--r-- | lib/action_cable/connection/base.rb | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/action_cable/connection/base.rb b/lib/action_cable/connection/base.rb index b93b6a8a50..95af9c2928 100644 --- a/lib/action_cable/connection/base.rb +++ b/lib/action_cable/connection/base.rb @@ -172,7 +172,7 @@ module ActionCable def allow_request_origin? return true if server.config.disable_request_forgery_protection - if Array(server.config.allowed_request_origins).include? env['HTTP_ORIGIN'] + if Array(server.config.allowed_request_origins).any? { |allowed_origin| allowed_origin === env['HTTP_ORIGIN'] } true else logger.error("Request origin not allowed: #{env['HTTP_ORIGIN']}") @@ -180,6 +180,11 @@ module ActionCable end end + def allowed_origins_match? origin + allowed_origins = Array(server.config.allowed_request_origins) + allowed_origins.any? { |allowed_origin| allowed_origin.is_a?(Regexp) ? allowed_origin =~ origin : allowed_origin == origin } + end + def respond_to_successful_request websocket.rack_response end |