Async::CableSourceAsyncCableMiddleware

class Middleware

Definitions

def allow_request_origin?(env)

TODO: Shouldn't this be moved to ActionCable::Server::Base?

Implementation

 
def allow_request_origin?(env)
	if @server.config.disable_request_forgery_protection
		return true
	end
	
	proto = ::Rack::Request.new(env).ssl? ? "https" : "http"
	
	if @server.config.allow_same_origin_as_host && env["HTTP_ORIGIN"] == "#{proto}://#{env["HTTP_HOST"]}"
		return true
	elsif Array(@server.config.allowed_request_origins).any?{|allowed_origin| allowed_origin === env["HTTP_ORIGIN"]}
		return true
	end
	
	Console.warn(self, "Request origin not allowed!", origin: env["HTTP_ORIGIN"])
	return false
end