From 231e87ab054addeb2433ecf6f87b54c641bd8865 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 18 Feb 2021 10:05:30 +0100 Subject: mod_websocket: Inherit security status from http request Allows requests considered secure becasue of a proxy header to carry over to the client session. mod_bosh does this too. --- plugins/mod_websocket.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index 7a5f2d03..e70b907d 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -266,7 +266,7 @@ function handle_request(event) -- See mod_http and #540 session.ip = request.ip; - session.secure = consider_websocket_secure or session.secure; + session.secure = consider_websocket_secure or request.secure or session.secure; session.websocket_request = request; session.open_stream = session_open_stream; -- cgit v1.2.3