1 files changed, 18 insertions, 13 deletions

diff --git a/actioncable/lib/action_cable/connection/base.rb b/actioncable/lib/action_cable/connection/base.rb
index 06f4f5edd3..84053db9fd 100644
--- a/actioncable/lib/action_cable/connection/base.rb
+++ b/actioncable/lib/action_cable/connection/base.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "action_dispatch"
 
 module ActionCable
@@ -22,13 +24,10 @@ module ActionCable
     #         # Any cleanup work needed when the cable connection is cut.
     #       end
     #
-    #       protected
+    #       private
     #         def find_verified_user
-    #           if current_user = User.find_by_identity cookies.signed[:identity_id]
-    #             current_user
-    #           else
+    #           User.find_by_identity(cookies.encrypted[:identity_id]) ||
     #             reject_unauthorized_connection
-    #           end
     #         end
     #     end
     #   end
@@ -129,16 +128,23 @@ module ActionCable
       end
 
       def on_error(message) # :nodoc:
-        # ignore
+        # log errors to make diagnosing socket errors easier
+        logger.error "WebSocket error occurred: #{message}"
       end
 
       def on_close(reason, code) # :nodoc:
         send_async :handle_close
       end
 
+      # TODO Change this to private once we've dropped Ruby 2.2 support.
+      # Workaround for Ruby 2.2 "private attribute?" warning.
       protected
+        attr_reader :websocket
+        attr_reader :message_buffer
+
+      private
         # The request that initiated the WebSocket connection is available here. This gives access to the environment, cookies, etc.
-        def request
+        def request # :doc:
           @request ||= begin
             environment = Rails.application.env_config.merge(env) if defined?(Rails.application) && Rails.application
             ActionDispatch::Request.new(environment || env)
@@ -146,14 +152,10 @@ module ActionCable
         end
 
         # The cookies of the request that initiated the WebSocket connection. Useful for performing authorization checks.
-        def cookies
+        def cookies # :doc:
           request.cookie_jar
         end
 
-        attr_reader :websocket
-        attr_reader :message_buffer
-
-      private
         def encode(cable_message)
           @coder.encode cable_message
         end
@@ -195,7 +197,10 @@ module ActionCable
         def allow_request_origin?
           return true if server.config.disable_request_forgery_protection
 
-          if Array(server.config.allowed_request_origins).any? { |allowed_origin|  allowed_origin === env["HTTP_ORIGIN"] }
+          proto = Rack::Request.new(env).ssl? ? "https" : "http"
+          if server.config.allow_same_origin_as_host && env["HTTP_ORIGIN"] == "#{proto}://#{env['HTTP_HOST']}"
+            true
+          elsif Array(server.config.allowed_request_origins).any? { |allowed_origin|  allowed_origin === env["HTTP_ORIGIN"] }
             true
           else
             logger.error("Request origin not allowed: #{env['HTTP_ORIGIN']}")