diff options
| author | Kim Alvefur <zash@zash.se> | 2019-10-12 19:16:43 +0200 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2019-10-12 19:16:43 +0200 |
| commit | bf5f096225ec159e50e38b6631114553a03adce9 (patch) | |
| tree | 2b65a7230303a5516663ec6f28126c3ca58c74fc | |
| parent | 8e485ec3200359adcc00731a371b4455d24bb562 (diff) | |
| download | prosody-bf5f096225ec159e50e38b6631114553a03adce9.tar.gz prosody-bf5f096225ec159e50e38b6631114553a03adce9.zip | |
mod_websocket: Guard against upgrading to websocket from a HEAD request
| -rw-r--r-- | plugins/mod_websocket.lua | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index c94ea84a..386a4d60 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -136,7 +136,7 @@ function handle_request(event) conn.starttls = false; -- Prevent mod_tls from believing starttls can be done - if not request.headers.sec_websocket_key then + if not request.headers.sec_websocket_key or request.method ~= "GET" then response.headers.content_type = "text/html"; return [[<!DOCTYPE html><html><head><title>Websocket</title></head><body> <p>It works! Now point your WebSocket client to this URL to connect to Prosody.</p> |