Diffstat (limited to 'language-web/src/main/java/tools/refinery/language/web/xtext/XtextWebSocketServlet.java')
-rw-r--r--language-web/src/main/java/tools/refinery/language/web/xtext/XtextWebSocketServlet.java9
1 files changed, 4 insertions, 5 deletions
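diff --git a/language-web/src/main/java/tools/refinery/language/web/xtext/XtextWebSocketServlet.java b/language-web/src/main/java/tools/refinery/language/web/xtext/XtextWebSocketServlet.java
index 0de6c358..2db11325 100644
--- a/language-web/src/main/java/tools/refinery/language/web/xtext/XtextWebSocketServlet.java
+++ b/language-web/src/main/java/tools/refinery/language/web/xtext/XtextWebSocketServlet.java
@@ -38,11 +38,11 @@ public abstract class XtextWebSocketServlet extends JettyWebSocketServlet implem
 @Override
 public void init(ServletConfig config) throws ServletException {
 var allowedOriginsStr = config.getInitParameter(ALLOWED_ORIGINS_INIT_PARAM);
-if (allowedOriginsStr != null) {
+if (allowedOriginsStr == null) {
+log.warn("All WebSocket origins are allowed! This setting should not be used in production!");
+} else {
 allowedOrigins = Set.of(allowedOriginsStr.split(ALLOWED_ORIGINS_SEPARATOR));
 log.info("Allowed origins: {}", allowedOrigins);
-} else {
-log.warn("All WebSocket origins are allowed! This setting should not be used in production!");
 }
 super.init(config);
 }
@@ -58,7 +58,7 @@ public abstract class XtextWebSocketServlet extends JettyWebSocketServlet implem
 public Object createWebSocket(JettyServerUpgradeRequest req, JettyServerUpgradeResponse resp) {
 if (allowedOrigins != null) {
 var origin = req.getOrigin();
-if (origin != null && !allowedOrigins.contains(origin.toLowerCase())) {
+if (origin == null || !allowedOrigins.contains(origin.toLowerCase())) {
 log.error("Connection from {} from forbidden origin {}", req.getRemoteSocketAddress(), origin);
 try {
 resp.sendForbidden("Origin not allowed");
@@ -68,7 +68,6 @@ public abstract class XtextWebSocketServlet extends JettyWebSocketServlet implem
 return null;
 }
 }
-log.debug("New connection from {}", req.getRemoteSocketAddress());
 var session = new SimpleSession();
 return new XtextWebSocket(session, IResourceServiceProvider.Registry.INSTANCE);
 }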
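Review bot: The origin check in createWebSocket lower-cases the request's Origin with the default-locale `toLowerCase()`, while init stores the configured entries exactly as `split` returns them, so the two sides of `allowedOrigins.contains(...)` are not normalised the same way. A configured entry with an upper-case letter can never match, and neither can one with stray whitespace unless ALLOWED_ORIGINS_SEPARATOR (not visible here) already absorbs it. Under a default locale such as Turkish, an origin containing `I` also lower-cases to a different string. The check still fails closed, but legitimate clients would be rejected; I would use `origin.toLowerCase(Locale.ROOT)` in the check and pass each configured entry through `strip().toLowerCase(Locale.ROOT)` before building the set, collecting with `Collectors.toUnmodifiableSet()` because `Set.of` throws on a duplicate entry. Separately, a missing init parameter still leaves `allowedOrigins` null and the check disabled with only a warning, so a deployment that omits the parameter accepts cross-site WebSocket connections. The try/catch between the second and third hunk lies outside the visible lines.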