diff options
| author | Kim Alvefur <zash@zash.se> | 2019-10-12 19:16:43 +0200 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2019-10-12 19:16:43 +0200 |
| commit | 165db3098de67c7cca33ecbe0e41a9dafc61d056 (patch) | |
| tree | 2b65a7230303a5516663ec6f28126c3ca58c74fc | |
| parent | 3a80fa84005eb38cdfb90125ac667d7fda591bdc (diff) | |
| download | prosody-165db3098de67c7cca33ecbe0e41a9dafc61d056.tar.gz prosody-165db3098de67c7cca33ecbe0e41a9dafc61d056.zip | |
mod_websocket: Guard against upgrading to websocket from a HEAD request
| -rw-r--r-- | plugins/mod_websocket.lua | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index c94ea84a..386a4d60 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -136,7 +136,7 @@ function handle_request(event) conn.starttls = false; -- Prevent mod_tls from believing starttls can be done - if not request.headers.sec_websocket_key then + if not request.headers.sec_websocket_key or request.method ~= "GET" then response.headers.content_type = "text/html"; return [[<!DOCTYPE html><html><head><title>Websocket</title></head><body> <p>It works! Now point your WebSocket client to this URL to connect to Prosody.</p> |