Use x-forwarded-host first to fill connect-src

2020-11-28 18:55:58 -08:00 · 2020-11-28 18:55:58 -08:00 · 4f4d20649a
parent 5bd361f4eb
commit 4f4d20649a
1 changed files with 1 additions and 1 deletions
--- a/webserver.js
+++ b/webserver.js
@ -4888,7 +4888,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
            } else {
                // Use default security headers
                var geourl = (domain.geolocation ? ' *.openstreetmap.org' : '');
-                var selfurl = (' wss://' + req.headers.host);
+                var selfurl = req.headers['x-forwarded-host'] ? (' wss://' + req.headers['x-forwarded-host']) : (' wss://' + req.headers.host);
                var headers = {
                    'Referrer-Policy': 'no-referrer',
                    'X-XSS-Protection': '1; mode=block',