We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 482f584 commit 29251d0Copy full SHA for 29251d0
accept.go
@@ -215,7 +215,10 @@ func authenticateOrigin(r *http.Request, originHosts []string) error {
215
return nil
216
}
217
218
- return fmt.Errorf("request Origin %q is not authorized for Host %q", origin, r.Host)
+ if u.Host == "" {
219
+ return fmt.Errorf("request Origin %q is not a valid URL with a host", origin)
220
+ }
221
+ return fmt.Errorf("request Origin %q is not authorized for Host %q", u.Host, r.Host)
222
223
224
func match(pattern, s string) (bool, error) {
accept_test.go
@@ -39,7 +39,23 @@ func TestAccept(t *testing.T) {
39
r.Header.Set("Origin", "harhar.com")
40
41
_, err := Accept(w, r, nil)
42
- assert.Contains(t, err, `request Origin "harhar.com" is not authorized for Host`)
+ assert.Contains(t, err, `request Origin "harhar.com" is not a valid URL with a host`)
43
+ })
44
+
45
+ // #247
46
+ t.Run("unauthorizedOriginErrorMessage", func(t *testing.T) {
47
+ t.Parallel()
48
49
+ w := httptest.NewRecorder()
50
+ r := httptest.NewRequest("GET", "/", nil)
51
+ r.Header.Set("Connection", "Upgrade")
52
+ r.Header.Set("Upgrade", "websocket")
53
+ r.Header.Set("Sec-WebSocket-Version", "13")
54
+ r.Header.Set("Sec-WebSocket-Key", "meow123")
55
+ r.Header.Set("Origin", "https://harhar.com")
56
57
+ _, err := Accept(w, r, nil)
58
+ assert.Contains(t, err, `request Origin "harhar.com" is not authorized for Host "example.com"`)
59
})
60
61
t.Run("badCompression", func(t *testing.T) {
0 commit comments