Merge branch 'mainline' into block-kit-digest

open-company · Mar 27, 2019 · 2913be3 · 2913be3
2 parents af747da + 86e86ad
commit 2913be3
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 7 deletions.
diff --git a/project.clj b/project.clj
@@ -1,4 +1,4 @@
-(defproject open-company/lib "0.17.3-alpha1"
+(defproject open-company/lib "0.17.2"
   :description "OpenCompany Common Library"
   :url "https://github.com/open-company/open-company-lib"
   :license {
@@ -73,7 +73,7 @@
     [amazonica "0.3.141"
      :exclusions [joda-time commons-logging commons-codec com.fasterxml.jackson.core/jackson-databind com.amazonaws/aws-java-sdk-dynamodb]]
     ;; DynamoDB SDK
-    [com.amazonaws/aws-java-sdk-dynamodb "1.11.524"]
+    [com.amazonaws/aws-java-sdk-dynamodb "1.11.525"]
     ;; Data binding and tree for XML https://github.com/FasterXML/jackson-databind
     ;; NB: Not used directly, but a very common dependency, so pulled in for manual version management
     [com.fasterxml.jackson.core/jackson-databind "2.9.8"]

diff --git a/src/oc/lib/middleware/wrap_ensure_origin.clj b/src/oc/lib/middleware/wrap_ensure_origin.clj
@@ -8,10 +8,12 @@
   [handler]
   (fn [request]
     (try
-     (let [origin-header (get-in request [:headers "origin"])]
-       (if (re-find #"(?i)^https:\/\/[staging\.|www\.]*carrot\.io\/?$" origin-header)
-         (handler request)
-         origin-403-response))
+     (let [websocket? (:websocket? request)
+           origin-header (get-in request [:headers "origin"])]
+       (if (or (not websocket?) ; we only check origin on websocket requests
+                (re-find #"(?i)^https:\/\/[staging\.|www\.]*carrot\.io\/?$" origin-header))
+         (handler request) ; all is well
+         origin-403-response)) ; ye shall not pass
      (catch java.lang.NullPointerException e
-       ;; Origin not provided
+       ;; Origin not provided, also a fail
        origin-403-response))))