From c43e07d6b7217d713d23682a3fc993558553f514 Mon Sep 17 00:00:00 2001
From: Devin Carr <dcarr@cloudflare.com>
Date: Thu, 11 May 2023 10:13:39 -0700
Subject: [PATCH] TUN-7421: Add *.cloudflare.com to permitted Origins for
 management WebSocket requests

---
 management/service.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/management/service.go b/management/service.go
index 8964a05d..b5bc1b52 100644
--- a/management/service.go
+++ b/management/service.go
@@ -216,7 +216,11 @@ func (m *ManagementService) parseFilters(c *websocket.Conn, event *ClientEvent,
 
 // Management Streaming Logs accept handler
 func (m *ManagementService) logs(w http.ResponseWriter, r *http.Request) {
-	c, err := websocket.Accept(w, r, nil)
+	c, err := websocket.Accept(w, r, &websocket.AcceptOptions{
+		OriginPatterns: []string{
+			"*.cloudflare.com",
+		},
+	})
 	if err != nil {
 		m.log.Debug().Msgf("management handshake: %s", err.Error())
 		return