How to set WebSocket Origin Header from Javascript?

I'm trying to use javascript to make a websocket request from a local test.dev page to a server running at ip 123.123.123.123 on behalf of test.com. The request goes through, but the 123.123.123.123 server sees the Origin: test.dev header in the websocket request and rejects the connection because it wants to see Origin: test.com.

Here is the javascript code for connecting the socket:

ws = new WebSocket("123.123.123.123");

How can I use javascript to start a websocket connection with a dishonest Origin header of Origin: test.com?

I was hoping something like this would work, but I can't find any such:

ws = new WebSocket("123.123.123.123", "test.com");

Answers


The simple solution would be to simply create an entry in your hosts file to map test.com to 123.123.123.123. You would need to remove this entry later when you want to connect the "real" test.com.

A less hacky solution would require the use of a proxy which can re-write your headers for you on-the-fly. Consider install nginx on your system, and then proxing the request to 123.123.123.123 keeping everything the same except for the Origin header. Here's the entry you would need in your nginx config file:

server {
    server_name test.dev;

    location / {
        proxy_pass http://123.123.123.123;
        proxy_set_header Origin test.com;

        # the following 3 are required to proxy WebSocket connections.
        # See more here: http://nginx.com/blog/websocket-nginx/

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

How can I use javascript to start a websocket connection with a dishonest Origin header of Origin: test.com?

If we could forge the origin of requests in JavaScript, the same origin policy wouldn't be very good at keeping us safe. It exists solely to protect us from this and other potential attack vectors.

As this looks like dev work, have you considered using a web debugging proxy such as Fiddler (free) or Charles (paid)? With those you could modify the initial handshake request or response for the WebSocket for your own machine or any test machines that are proxied through the debugger.


Need Your Help

Form not displaying error messages for nested resource

ruby-on-rails ruby-on-rails-4

I am having trouble getting error messages to display when a user tries to submit a blank comment. Upon create failure it render 'posts/show' properly but it doesnt appear to be sending the @comment

SQL database is not getting updated while inserting from C# program

c# sql sql-server database

I am new to C# and databases. I am connecting to my local database server using CreateConnection() method. I am trying to insert data into database table. When I read this data from SQL studio using

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.