strict host check vhost flag
https://github.com/warmcat/libwebsockets/issues/1423
If your vhost->options has the flag LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK,
then if the server is sent an upgrade request, the content of the Host: header is
required to match the vhost name + port. The port is set to the well-known values
of 80 and 443 if no :port on the host: value, depending on tls or not on the
connection.
minimal-ws-server can now take a -h flag to set this. lejp-conf (eg, lwsws) can now take
a flag strict-host-check on the vhost to enable it as well.
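The matching rule in the commit message, written out as an added example; this is not the libwebsockets code. The function name `host_matches_vhost`, its parameters and the sample values are hypothetical, and case-insensitive name comparison is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper, not the libwebsockets implementation: returns 1 when
 * the Host: value names vhost_name on vhost_port. Assumption: names compare
 * case-insensitively.
 */
static int
host_matches_vhost(const char *host, const char *vhost_name, int vhost_port,
		   int is_tls)
{
	long port = is_tls ? 443 : 80; /* well-known default when no :port */
	const char *colon, *p;
	size_t n, i;
	char *end;

	if (!host || !*host || !vhost_name)
		return 0;
	/* in a bracketed IPv6 literal only a ':' after ']' starts the port */
	p = host[0] == '[' ? strchr(host, ']') : host;
	if (!p)
		return 0; /* unterminated '[' */
	colon = strchr(p, ':');
	if (colon) {
		if (!isdigit((unsigned char)colon[1]))
			return 0; /* empty, signed or padded port */
		port = strtol(colon + 1, &end, 10);
		if (*end || port < 1 || port > 65535)
			return 0; /* trailing junk or out of range */
	}
	n = colon ? (size_t)(colon - host) : strlen(host);
	/* equal lengths, so "example.com.evil" cannot prefix-match */
	if (port != vhost_port || n != strlen(vhost_name))
		return 0;
	for (i = 0; i < n; i++)
		if (tolower((unsigned char)host[i]) !=
		    tolower((unsigned char)vhost_name[i]))
			return 0;
	return 1;
}

int main(void)
{	/* constructed sample: plain (non-TLS) vhost "example.com" on 7681 */
	printf("%d %d\n", host_matches_vhost("example.com:7681", "example.com", 7681, 0),
	       host_matches_vhost("example.com", "example.com", 7681, 0));
	return 0;
}
```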
diff --git a/lib/roles/http/server/lejp-conf.c b/lib/roles/http/server/lejp-conf.c
index cc6a766..2050238 100644
--- a/lib/roles/http/server/lejp-conf.c
+++ b/lib/roles/http/server/lejp-conf.c
@@ -109,6 +109,7 @@
"vhosts[].ssl-client-option-clear",
"vhosts[].tls13-ciphers",
"vhosts[].client-tls13-ciphers",
+ "vhosts[].strict-host-check",
};
enum lejp_vhost_paths {
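Review bot: the new "vhosts[].strict-host-check" entry only resolves correctly while it sits at the same index as LEJPVP_FLAG_STRICT_HOST_CHECK in enum lejp_vhost_paths, and nothing in the visible lines enforces that pairing. Both are appended last here, so this change is consistent, but a compile-time check that the path array's element count matches the enum's count would catch a later insertion into one list and not the other. The new key also wants a line in the lwsws configuration documentation, which is not part of the lines shown for this file.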
@@ -164,6 +165,7 @@
LEJPVP_SSL_CLIENT_OPTION_CLEAR,
LEJPVP_TLS13_CIPHERS,
LEJPVP_CLIENT_TLS13_CIPHERS,
+ LEJPVP_FLAG_STRICT_HOST_CHECK,
};
static const char * const parser_errs[] = {
@@ -754,6 +756,15 @@
return 0;
+ case LEJPVP_FLAG_STRICT_HOST_CHECK:
+ if (arg_to_bool(ctx->buf))
+ a->info->options |=
+ LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK;
+ else
+ a->info->options &=
+ ~(LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK);
+ return 0;
+
case LEJPVP_ERROR_DOCUMENT_404:
a->info->error_document_404 = a->p;
break;
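Review bot: in the else branch, "a->info->options &= ~(LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK);" is only safe if the constant is as wide as options. If the flag is defined as an unsigned constant narrower than options, the complement is zero-extended and the assignment clears every higher option bit along with this one. Please confirm the definition, or cast the constant to the type of options before applying ~. The parentheses around the constant are redundant and can go.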