add kazoo.ws_connections_restrict_origin runtime

kamailio/websockets-role.cfg

@@ -27,6 +27,7 @@ loadmodule "xhttp.so"
 #!trydef WS_MAX_CONNECTIONS_PER_PROXY 0
 #!trydef WS_ALLOWED_PROXIES "0.0.0.0/0"
 #!trydef WS_CONNECTIONS_FROM_PROXY_ONLY 0
+#!trydef WS_CONNECTIONS_RESTRICT_ORIGIN 1
 
 ######## Websocket module ########
 loadmodule "websocket.so"
@@ -43,6 +44,7 @@ kazoo.ws_allowed_proxies = WS_ALLOWED_PROXIES desc "comma separated list of allo
 kazoo.ws_max_connection_per_ip = WS_MAX_CONNECTIONS_PER_IP desc "max connections per ip"
 kazoo.ws_max_connection_per_proxy = WS_MAX_CONNECTIONS_PER_PROXY desc "max connections per proxy"
 kazoo.ws_connections_via_proxy_only = WS_CONNECTIONS_FROM_PROXY_ONLY desc "only allow connections via proxy"
+kazoo.ws_connections_restrict_origin = WS_CONNECTIONS_RESTRICT_ORIGIN desc "restrict origin if MY_WEBSOCKET_DOMAIN is defined"
 
 event_route[xhttp:request]
 {
@@ -74,10 +76,12 @@ event_route[xhttp:request]
     }
 
     #!ifdef MY_WEBSOCKET_DOMAIN
-    if (!($hdr(Origin) =~ "MY_WEBSOCKET_DOMAIN")) {
-        xlog("L_INFO", "websocket|log|rejecting HTTP request with unauthorized origin $hdr(Origin) from $si:$sp, allowed origin is MY_WEBSOCKET_DOMAIN\n");
-        xhttp_reply("400", "Bad Request", "", "");
-        exit;
+    if($sel(cfg_get.kazoo.ws_connections_restrict_origin) == 1) {
+        if (!($hdr(Origin) =~ "MY_WEBSOCKET_DOMAIN")) {
+            xlog("L_INFO", "websocket|log|rejecting HTTP request with unauthorized origin $hdr(Origin) from $si:$sp, allowed origin is MY_WEBSOCKET_DOMAIN\n");
+            xhttp_reply("400", "Bad Request", "", "");
+            exit;
+        }
     }
     #!endif