Origin creation in nopoll_conn.c restricted to http #66
Description
Hello!
Function __nopoll_conn_new_common for connection creation in nopoll_conn.c fills the conn->origin when NULL using
/* build origin *
if (origin == NULL)
conn->origin = nopoll_strdup_printf ("http://%s", conn->host_name);
else
conn->origin = nopoll_strdup (origin);
If NULL origin is provided, the function will always put "http" first. This will lead to a forbidden connection if using a HTTPS connection and having origin = NULL, as I noticed having my websocket server sitting behind a NGINX server and using a HTTPS route.. The sent origin will be "http://"+ hostname and therefore invalid. I can create a connection to the server with other websocket client implementations when not having an origin field at all.
I wonder, if it would be good to modify this function with either
- eliminate the fallback filling of origin and enforce having a fitting string
- enhance the fallback filling ("https" instead of "http" if port == 443 or test if function was called by a function for a new TLS connection?)
- add a function for completely removing the origin field from the notification that will be sent to the server
?