From 42d42cefcc06be88cb917d596c4df3a2ef481cc3 Mon Sep 17 00:00:00 2001
From: Hendrik Brummermann <nhnb@users.sourceforge.net>
Date: Mon, 12 Jun 2023 22:12:04 +0200
Subject: [PATCH] added support for multiple allowed origins

---
 .../server/net/web/WebSocketChannel.java         | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/marauroa/server/net/web/WebSocketChannel.java b/src/marauroa/server/net/web/WebSocketChannel.java
index 5c80daaf..a93901b3 100644
--- a/src/marauroa/server/net/web/WebSocketChannel.java
+++ b/src/marauroa/server/net/web/WebSocketChannel.java
@@ -64,7 +64,7 @@ public void onOpen(Session session, EndpointConfig config) {
 		String origin = params.get("origin").get(0);
 		try {
 			String expectedOrigin = Configuration.getConfiguration().get("http_origin");
-			if ((expectedOrigin != null) && !expectedOrigin.equals(origin)) {
+			if (!validateOrigin(origin, expectedOrigin)) {
 				logger.warn("Expected origin " + expectedOrigin + " from client " + address + " but got " + origin);
 				close();
 				return;
@@ -85,6 +85,20 @@ public void onOpen(Session session, EndpointConfig config) {
 	}
 
 
+	private boolean validateOrigin(String origin, String expectedOrigin) {
+		if (expectedOrigin == null) {
+			return true;
+		}
+		String[] expectedOrigins = expectedOrigin.split(",");
+		for (String exp : expectedOrigins) {
+			if (exp.equals(origin)) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+
 	@OnMessage
 	public void onWebSocketText(String message) {
 		String msg = DebugInterface.get().onMessage(useragent, message);