adamf/web_server
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity

Fix WebSocket 403 in dev mode by allowing localhost origins
Some checks failed
Deploy with Docker Compose / deploy (push) Has been cancelled
Details

Browse Source 
The CheckOrigin function only accepted the production domain, rejecting
localhost connections in dev. Also removed redundant error response after
a failed upgrade since the upgrader already writes its own HTTP response.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Adam French
2026-03-25 16:59:13 +00:00
parent d3d3269d49
commit 29350af2e0
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/handlers/handle_websocket.go
View File

@@ -8,7 +8,7 @@ import (
func (store *Store) ConnectWebSocket(ctx *gin.Context) { func (store *Store) ConnectWebSocket(ctx *gin.Context) {
conn, err := services.Upgrader.Upgrade(ctx.Writer, ctx.Request, nil) conn, err := services.Upgrader.Upgrade(ctx.Writer, ctx.Request, nil)
if err != nil { if err != nil {
ctx.JSON(500, gin.H{"error": err.Error()}) // Upgrader already wrote the HTTP error response, so just return
return return
} }

4
backend/services/websocket.go
View File

@@ -26,7 +26,9 @@ var Upgrader = websocket.Upgrader{
} }
origin = strings.TrimPrefix(origin, "https://") origin = strings.TrimPrefix(origin, "https://")
origin = strings.TrimPrefix(origin, "http://") origin = strings.TrimPrefix(origin, "http://")
return origin == allowedDomain || origin == "www."+allowedDomain // Strip port for localhost comparisons (e.g. "localhost:80")
host := strings.Split(origin, ":")[0]
return origin == allowedDomain || origin == "www."+allowedDomain || host == "localhost"
}, },
} }