hub / github.com/coder/websocket / authenticateOrigin

Function authenticateOrigin

accept.go:228–260  ·  view source on GitHub ↗
(r *http.Request, originHosts []string)

Source from the content-addressed store, hash-verified

226}
227
// authenticateOrigin reports whether the Origin header of r is acceptable for
// this server, returning nil when it is and a descriptive error when it is not.
//
// An Origin is accepted when any of the following holds, checked in order:
//   - the header is absent or empty;
//   - its host equals r.Host, compared case-insensitively (the scheme is not
//     compared);
//   - it matches one of the originHosts patterns. A pattern containing "://"
//     is matched against scheme://host, any other pattern against the host
//     alone.
//
// Because a request without an Origin header is always accepted, this check
// only constrains clients that send the header; it is not a substitute for
// authenticating the client.
func authenticateOrigin(r *http.Request, originHosts []string) error {
	header := r.Header.Get("Origin")
	if header == "" {
		return nil
	}

	parsed, err := url.Parse(header)
	if err != nil {
		return fmt.Errorf("failed to parse Origin header %q: %w", header, err)
	}

	// Same-host requests pass regardless of scheme or configured patterns.
	// NOTE(review): an empty r.Host would compare equal to an Origin that
	// parses without a host; confirm callers never reach this point with an
	// empty Host.
	if strings.EqualFold(r.Host, parsed.Host) {
		return nil
	}

	hostOnly := parsed.Host
	withScheme := parsed.Scheme + "://" + parsed.Host
	for _, pattern := range originHosts {
		// The pattern itself selects what it is compared against.
		candidate := hostOnly
		if strings.Contains(pattern, "://") {
			candidate = withScheme
		}
		switch ok, err := match(pattern, candidate); {
		case err != nil:
			// A malformed pattern aborts the whole check instead of being skipped.
			return fmt.Errorf("failed to parse path pattern %q: %w", pattern, err)
		case ok:
			return nil
		}
	}

	// This test runs after the pattern loop, so a host-less Origin has already
	// been offered to every pattern above; a pattern that matches the empty
	// string (such as "*") accepts it before this point. Here it only selects
	// the more specific of the two rejection messages.
	if parsed.Host == "" {
		return fmt.Errorf("request Origin %q is not a valid URL with a host", header)
	}
	return fmt.Errorf("request Origin %q is not authorized for Host %q", parsed.Host, r.Host)
}
261
262func match(pattern, s string) (bool, error) {
263 return path.Match(strings.ToLower(pattern), strings.ToLower(s))

Callers 2

acceptFunction · 0.85
Test_authenticateOriginFunction · 0.85

Calls 1

matchFunction · 0.85

Tested by 1

Test_authenticateOriginFunction · 0.68
