From 231e87ab054addeb2433ecf6f87b54c641bd8865 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Thu, 18 Feb 2021 10:05:30 +0100
Subject: mod_websocket: Inherit security status from http request

Allows requests considered secure becasue of a proxy header to carry
over to the client session.

mod_bosh does this too.
---
 plugins/mod_websocket.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'plugins')

diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua
index 7a5f2d03..e70b907d 100644
--- a/plugins/mod_websocket.lua
+++ b/plugins/mod_websocket.lua
@@ -266,7 +266,7 @@ function handle_request(event)
 	-- See mod_http and #540
 	session.ip = request.ip;
 
-	session.secure = consider_websocket_secure or session.secure;
+	session.secure = consider_websocket_secure or request.secure or session.secure;
 	session.websocket_request = request;
 
 	session.open_stream = session_open_stream;
-- 
cgit v1.2.3