From: Dave McCowan <email address hidden>
Date: Wed, 25 Feb 2015 02:35:48 +0000 (-0500)
Subject: Websocket Proxy should verify Origin header
If the Origin HTTP header passed in the WebSocket handshake does
not match the host, this could indicate an attempt at a
cross-site attack. This commit adds a check to verify
the origin matches the host.
Reviewed: https:/ /review. fuel-infra. org/4382 ci/fuel- 5.1-updates/ 2014.1. 1
Submitter: Vitaly Sedelnik <email address hidden>
Branch: openstack-
Commit: 12c7b428670db12 c2d37dd1c16d9ba 728639d6da
Author: Denis Meltsaykin <email address hidden>
Date: Mon Jun 29 12:41:33 2015
Websocket Proxy should verify Origin header
From: Dave McCowan <email address hidden>
Date: Wed, 25 Feb 2015 02:35:48 +0000 (-0500)
Subject: Websocket Proxy should verify Origin header
If the Origin HTTP header passed in the WebSocket handshake does
not match the host, this could indicate an attempt at a
cross-site attack. This commit adds a check to verify
the origin matches the host.
Change-Id: Ib576c9ab136d18 d04f1f987ea5d06 906d9ec921d
Closes-Bug: #1420273