From: Juliusz Chroboczek <jch@irif.fr>
To: Rob Dean <robdeanmzl@gmail.com>
Cc: galene@lists.galene.org
Subject: [Galene] Re: Galène with PHP
Date: Fri, 05 Mar 2021 14:27:57 +0100
Message-ID: <87k0ql3f36.wl-jch@irif.fr>
In-Reply-To: <CA+_U3xavep8nMpdY5Sg1VmDUf24UfT0nx4+xXB2Q=dcvo2iq5Q@mail.gmail.com>

> I'm still wondering how to get PHP working on port 8443, so that I can run PHP
> and MYSQL alongside Galene. (e.g. https://www.servername.com:8443/test.php)

One way would be to run Galène behind a frontend proxy such as nginx or Apache. The frontend would need to proxy the WebSocket at /ws to Galène, and to proxy any PHP requests to a PHP interpreter, probably over fcgi. As to the static pages, it's probably best to have them served directly by the frontend.

> I definitely cannot have a host php page running on port 80 that
> attempts to create the websocket for Galene over on port 8443 via
> javascript.

You could probably do that. You'd just need to very slightly relax Galène's security checks, by doing something like the appended patch (untested).

In case you want to understand what it does: by default, Galène accepts WebSocket connections if either they don't carry an Origin header, or they carry an Origin header that matches the host:port of the server; this avoids attacks where third-party Javascript is used to access a server that is behind a firewall. The attached patch relaxes the latter part of the test, by only checking the hostname, not the port. You may tweak the test as needed.

-- Juliusz

diff --git a/webserver/webserver.go b/webserver/webserver.go index e336f88..9aaac4a 100644 --- a/webserver/webserver.go +++ b/webserver/webserver.go @@ -10,6 +10,7 @@ import ( "html" "io" "log" + "net" "net/http" "net/url" "os" 
@@ -440,6 +441,25 @@ func statsHandler(w http.ResponseWriter, r *http.Request, dataDir string) { var wsUpgrader = websocket.Upgrader{ HandshakeTimeout: 30 * time.Second, + CheckOrigin: func(r *http.Request) bool { + origin := r.Header["Origin"] + if len(origin) == 0 { + return true + } + u, err := url.Parse(origin[0]) + if err != nil { + return false + } + host1, _, err := net.SplitHostPort(u.Host) + if err != nil { + return false + } + host2, _, err := net.SplitHostPort(r.Host) + if err != nil { + return false + } + return strings.EqualFold(host1, host2) + }, } func wsHandler(w http.ResponseWriter, r *http.Request) {
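
Review bot: in the CheckOrigin callback, both net.SplitHostPort calls return an error when the value carries no explicit port, so an Origin such as http://www.servername.com (a page on the default port 80, which is the case discussed in this message) takes the "return false" branch instead of being compared by hostname. The same happens if r.Host arrives without a port. Consider taking the Origin's hostname with u.Hostname() and falling back to the whole of r.Host when SplitHostPort fails. Since the final comparison looks only at the hostname, any page served from any port of that host, over either http or https, passes the check; a comment above CheckOrigin saying that this is deliberate would help later readers.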
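
The two Origin policies described in the message (match on host:port, or match on hostname only), as an added example that is neither Galène's code nor the patch above. The names checkOrigin, hostnameOnly and request and the example.org/example.net hosts are assumptions made for illustration; the requests are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
)

// hostnameOnly drops an optional port. net.SplitHostPort fails on a value
// with no port (default-port origins), so fall back to the value itself.
func hostnameOnly(hostport string) string {
	if h, _, err := net.SplitHostPort(hostport); err == nil {
		return h
	}
	return strings.Trim(hostport, "[]") // bare IPv6 literal such as "[::1]"
}

// checkOrigin: strict compares host:port, relaxed compares hostnames only.
func checkOrigin(r *http.Request, strict bool) bool {
	origin := r.Header.Get("Origin")
	if origin == "" {
		return true // no Origin header: accepted, as the message describes
	}
	u, err := url.Parse(origin)
	if err != nil {
		return false
	}
	if strict {
		return strings.EqualFold(u.Host, r.Host)
	}
	return strings.EqualFold(hostnameOnly(u.Host), hostnameOnly(r.Host))
}

// request builds a constructed handshake request (hypothetical helper).
func request(host, origin string) *http.Request {
	r := &http.Request{Host: host, Header: http.Header{}}
	if origin != "" {
		r.Header.Set("Origin", origin)
	}
	return r
}

func main() {
	for _, o := range []string{"", "https://galene.example.org:8443",
		"http://galene.example.org", "https://other.example.net:8443"} {
		r := request("galene.example.org:8443", o)
		fmt.Printf("%-34q strict=%-5v relaxed=%v\n", o, checkOrigin(r, true), checkOrigin(r, false))
	}
}
```

The relaxed policy accepts the port-80 page on the same hostname while still rejecting a different hostname; it also ignores the scheme, which is part of what is being relaxed.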