method

allow_request_origin?

v6.0.0 - Show latest stable - Class: ActionCable::Connection::Base

allow_request_origin?()

private

No documentation available.

# File actioncable/lib/action_cable/connection/base.rb, line 199
        def allow_request_origin?
          return true if server.config.disable_request_forgery_protection

          proto = Rack::Request.new(env).ssl? ? "https" : "http"
          if server.config.allow_same_origin_as_host && env["HTTP_ORIGIN"] == "#{proto}://#{env['HTTP_HOST']}"
            true
          elsif Array(server.config.allowed_request_origins).any? { |allowed_origin|  allowed_origin === env["HTTP_ORIGIN"] }
            true
          else
            logger.error("Request origin not allowed: #{env['HTTP_ORIGIN']}")
            false
          end
        end

allow_request_origin?

Related methods