From c43e07d6b7217d713d23682a3fc993558553f514 Mon Sep 17 00:00:00 2001 From: Devin Carr Date: Thu, 11 May 2023 10:13:39 -0700 Subject: [PATCH] TUN-7421: Add *.cloudflare.com to permitted Origins for management WebSocket requests --- management/service.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/management/service.go b/management/service.go index 8964a05d..b5bc1b52 100644 --- a/management/service.go +++ b/management/service.go @@ -216,7 +216,11 @@ func (m *ManagementService) parseFilters(c *websocket.Conn, event *ClientEvent, // Management Streaming Logs accept handler func (m *ManagementService) logs(w http.ResponseWriter, r *http.Request) { - c, err := websocket.Accept(w, r, nil) + c, err := websocket.Accept(w, r, &websocket.AcceptOptions{ + OriginPatterns: []string{ + "*.cloudflare.com", + }, + }) if err != nil { m.log.Debug().Msgf("management handshake: %s", err.Error()) return