同时设置Websocket允许来源域和防盗链时，以Websocket设置为优先

2025-12-25 22:46:34 +08:00 · 2023-06-16 09:56:37 +08:00
parent 1569841498
commit 53f0fec568
5 changed files with 54 additions and 7 deletions
--- a/internal/nodes/http_request_referers.go
+++ b/internal/nodes/http_request_referers.go
@@ -12,13 +12,29 @@ func (this *HTTPRequest) doCheckReferers() (shouldStop bool) {
 		return
 	}

+	var origin = this.RawReq.Header.Get("Origin")
+
 	const cacheSeconds = "3600" // 时间不能过长，防止修改设置后长期无法生效

+	// 处理用到Origin的特殊功能
+	if this.web.Referers.CheckOrigin && len(origin) > 0 {
+		// 处理Websocket
+		if this.web.Websocket != nil && this.web.Websocket.IsOn && this.RawReq.Header.Get("Upgrade") == "websocket" {
+			originHost, _ := httpParseHost(origin)
+			if len(originHost) > 0 && this.web.Websocket.MatchOrigin(originHost) {
+				return
+			}
+		}
+	}
+
 	var refererURL = this.RawReq.Header.Get("Referer")
 	if len(refererURL) == 0 && this.web.Referers.CheckOrigin {
-		var origin = this.RawReq.Header.Get("Origin")
 		if len(origin) > 0 && origin != "null" {
-			refererURL = "https://" + origin // 因为Origin都只有域名部分，所以为了下面的URL 分析需要加上https://
+			if urlSchemeRegexp.MatchString(origin) {
+				refererURL = origin
+			} else {
+				refererURL = "https://" + origin
+			}
 		}
 	}