From ee37eafd3626d61a030a6a6ccfa763da61c0f7b4 Mon Sep 17 00:00:00 2001
From: Jannis Mattheis <contact@jmattheis.de>
Date: Thu, 15 Mar 2018 21:50:26 +0100
Subject: [PATCH] Check origin in websocket in prod mode only

---
 stream/stream.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/stream/stream.go b/stream/stream.go
index f5bdc94..7242df4 100644
--- a/stream/stream.go
+++ b/stream/stream.go
@@ -8,11 +8,16 @@ import (
 	"github.com/gorilla/websocket"
 	"github.com/gotify/server/auth"
 	"github.com/gotify/server/model"
+	"net/http"
+	"github.com/gotify/server/mode"
 )
 
 var upgrader = websocket.Upgrader{
 	ReadBufferSize:  1024,
 	WriteBufferSize: 1024,
+	CheckOrigin: func(r *http.Request) bool {
+		return mode.IsDev();
+	},
 }
 
 // The API provides a handler for a WebSocket stream API.