From 553877f7a9eff26166dfa4d953d6f69f9420de28 Mon Sep 17 00:00:00 2001
From: Peter Powell <petpow@saberuk.com>
Date: Wed, 10 Oct 2018 16:45:35 +0100
Subject: Require WebSocket origins to be whitelisted in order to connect.

Fixes #1281.
---
 docs/conf/modules.conf.example | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'docs/conf/modules.conf.example')

diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example
index 8a22a8c71..72f295cc5 100644
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@@ -2167,6 +2167,12 @@
 # WebSocket connections. Compatible with SSL/TLS.
 # Requires SHA-1 hash support available in the sha1 module.
 #<module name="websocket">
+#
+# If you use the websocket module you MUST specify one or more origins
+# which are allowed to connect to the server. You should set this as
+# strict as possible to prevent malicious webpages from connecting to
+# your server.
+# <wsorigin allow="https://webchat.example.com/*">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # XLine database: Stores all *Lines (G/Z/K/R/any added by other modules)
-- 
cgit v1.2.3