Replaced one-pager with multiple pages and fixed security bugs

2026-05-16 21:10:55 +02:00
parent 802906f9d4
commit 68034dea7d
25 changed files with 2311 additions and 1217 deletions
@@ -10,7 +10,17 @@ import (
 )

 var upgrader = websocket.Upgrader{
-	CheckOrigin: func(r *http.Request) bool { return true },
+	CheckOrigin: func(r *http.Request) bool {
+		origin := r.Header.Get("Origin")
+		if origin == "" {
+			// Non-browser client without Origin header — allow.
+			return true
+		}
+		if originAllowed(origin) {
+			return true
+		}
+		return sameOriginRequest(r)
+	},
 }

 type wsMessage struct {