该用户的聊天记录定位。
Good to know
Good to know
We don't want to take on an additional dependency if we don't have to (see: supply chain attacks). We don't need anything else provided by gorilla/websocket, the built-in library works for us in terms of features and functionality. is it expected that there's inconsistent behavior between the handling of `Origin` headers in the production websocket API endpoint and demo websocket API endpoint?
We don't want to take on an additional dependency if we don't have to (see: supply chain attacks). We don't need anything else provided by gorilla/websocket, the built-in library works for us in terms of features and functionality. is it expected that there's inconsistent behavior between the handling of `Origin` headers in the production websocket API endpoint and demo websocket API endpoint?
Yep, I tried all variations of that, I couldn't find a header that worked in production
Yep, I tried all variations of that, I couldn't find a header that worked in production
That's a different library - we're using https://pkg.go.dev/golang.org/x/net/websocket The library in the code block above is github.com/gorilla/websocket
That's a different library - we're using https://pkg.go.dev/golang.org/x/net/websocket The library in the code block above is github.com/gorilla/websocket
The header cannot be cleared The library code requires some value
The header cannot be cleared The library code requires some value
When connecting to the websocket API, if an `Origin:` header is set then the websocket API returns a forbidden HTTP status code. The demo environment does not demonstrate this behavior. This is a bit problematic for us because the default golang websocket library sets this header: https://cs.opensource.google/go/x/net/+/refs/tags/v0.56.0:websocket/hybi.go;l=418 1) Maybe there's a valid Origin value that we can set that will not trigger a forbidden in production? 2) It would be helpful to keep the behavior in sync between demo and production websocket environments so that they both either return a forbidden or don't, when the header is set Thanks!
When connecting to the websocket API, if an `Origin:` header is set then the websocket API returns a forbidden HTTP status code. The demo environment does not demonstrate this behavior. This is a bit problematic for us because the default golang websocket library sets this header: https://cs.opensource.google/go/x/net/+/refs/tags/v0.56.0:websocket/hybi.go;l=418 1) Maybe there's a valid Origin value that we can set that will not trigger a forbidden in production? 2) It would be helpful to keep the behavior in sync between demo and production websocket environments so that they both either return a forbidden or don't, when the header is set Thanks!