Matheus28 / ws28

C++17 WebSocket server library (uses libuv)
MIT License
66 stars 10 forks

Returns 403 Forbidden when testing in local host #7

Closed meiry closed 4 years ago

meiry commented 4 years ago

Great minimalistic server.

In Client.cpp you have a check (I don't understand why you do it).

My request looks like this:

```
Listening

GET / HTTP/1.1
Host: 127.0.0.1:3000
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Upgrade: websocket
Origin: http://127.0.0.1
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,he;q=0.8,zu;q=0.7,es;q=0.6
Sec-WebSocket-Key: Vk2gFQQxiuVlrQSR8IRU5w==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
```

This function will return 1 and will fail the request. Once I remove it, the request is processed successfully. Can you explain why you do this check?

```cpp
m_fnCheckConnection = [](HTTPRequest &req) -> bool {
    const char *host = req.headers.m_hHost;
    if (host == nullptr)
    {
        return true; // No host header, default to accept
    }

    const char *origin = req.headers.m_hOrigin;
    if (origin == nullptr)
    {
        return true;
    }

    return strcmp(origin, host) == 0;
};
```

The values are: origin = "http://127.0.0.1", host = "127.0.0.1:3000"

Matheus28 commented 4 years ago

You should be checking the Origin header. There is a function to change the check (SetCheckConnectionCallback) so you can do a whitelist instead. By default the check is that the origin is the same as the host (which I never use, so it's probably wrong since it should prepend http and https to it).
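
Added example (not from the thread and not ws28 code): one way to write the origin check discussed above, comparing canonical `scheme://host:port` forms and falling back to an allowlist. The function names and the `serverTls` parameter are hypothetical. With the values from this issue, the Origin (implied port 80) and the Host (port 3000) are different origins, so that request is accepted only through the allowlist.

```cpp
#include <cctype>
#include <string>
#include <vector>

// Hypothetical helpers, not part of ws28.
// Canonical form "scheme://host:port" (lower-case, default port made explicit),
// or "" when the value is not a plain http(s) origin.
std::string CanonOrigin(std::string s) {
    for (char &c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    bool tls;
    size_t skip;
    if (s.rfind("https://", 0) == 0)     { tls = true;  skip = 8; }
    else if (s.rfind("http://", 0) == 0) { tls = false; skip = 7; }
    else return {};                       // "null", file://, anything else
    std::string auth = s.substr(skip);
    if (auth.empty() || auth.find_first_of("/@?# ") != std::string::npos) return {};
    size_t colon = auth.rfind(':'), bracket = auth.rfind(']');  // ']' ends an IPv6 literal
    bool hasPort = colon != std::string::npos &&
                   (bracket == std::string::npos || colon > bracket);
    if (!hasPort) s += tls ? ":443" : ":80";
    return s;
}

// True when Origin names the same scheme, host and port the server is reached on.
bool SameOrigin(const char *origin, const char *host, bool serverTls) {
    if (origin == nullptr || host == nullptr) return false;
    std::string o = CanonOrigin(origin);
    std::string h = CanonOrigin(std::string(serverTls ? "https://" : "http://") + host);
    return !o.empty() && o == h;
}

// Policy: no Origin header -> accept (as the default check quoted above does);
// otherwise the origin must be same-origin or on the allowlist.
bool CheckOrigin(const char *origin, const char *host, bool serverTls,
                 const std::vector<std::string> &allowlist) {
    if (origin == nullptr) return true;
    if (SameOrigin(origin, host, serverTls)) return true;
    std::string o = CanonOrigin(origin);
    if (o.empty()) return false;
    for (const std::string &entry : allowlist)
        if (CanonOrigin(entry) == o) return true;
    return false;
}
```

A callback registered through `SetCheckConnectionCallback` could pass `req.headers.m_hOrigin` and `req.headers.m_hHost` to `CheckOrigin`.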