2 files changed, 12 insertions, 3 deletions

diff --git a/lib/action_cable/connection/base.rb b/lib/action_cable/connection/base.rb
index a629f29643..ac45124a28 100644
--- a/lib/action_cable/connection/base.rb
+++ b/lib/action_cable/connection/base.rb
@@ -151,7 +151,6 @@ module ActionCable
           server.add_connection(self)
         rescue ActionCable::Connection::Authorization::UnauthorizedError
           respond_to_invalid_request
-          close
         end
 
         def on_message(message)
@@ -186,6 +185,8 @@ module ActionCable
         end
 
         def respond_to_invalid_request
+          close if websocket.alive?
+
           logger.info finished_request_message
           [ 404, { 'Content-Type' => 'text/plain' }, [ 'Page not found' ] ]
         end
diff --git a/test/connection/authorization_test.rb b/test/connection/authorization_test.rb
index 762c90fbbc..68668b2835 100644
--- a/test/connection/authorization_test.rb
+++ b/test/connection/authorization_test.rb
@@ -8,17 +8,25 @@ class ActionCable::Connection::AuthorizationTest < ActionCable::TestCase
     def connect
       reject_unauthorized_connection
     end
+
+    def send_async(method, *args)
+      # Bypass Celluloid
+      send method, *args
+    end
   end
 
   test "unauthorized connection" do
     run_in_eventmachine do
       server = TestServer.new
-      env = Rack::MockRequest.env_for "/test", 'HTTP_CONNECTION' => 'upgrade', 'HTTP_UPGRADE' => 'websocket'
+      server.config.allowed_request_origins = %w( http://rubyonrails.com )
+
+      env = Rack::MockRequest.env_for "/test", 'HTTP_CONNECTION' => 'upgrade', 'HTTP_UPGRADE' => 'websocket',
+        'HTTP_ORIGIN' => 'http://rubyonrails.com'
 
       connection = Connection.new(server, env)
       connection.websocket.expects(:close)
+
       connection.process
-      connection.send :on_open
     end
   end
 end