@@ -40,9 +40,10 @@ type AcceptOptions struct {
4040 // In such a case, example.com is the origin and chat.example.com is the request host.
4141 // One would set this field to []string{"example.com"} to authorize example.com to connect.
4242 //
43- // Each pattern is matched case insensitively against the request origin host
44- // with path.Match.
45- // See https://golang.org/pkg/path/#Match
43+ // Each pattern is matched case insensitively with path.Match (see
44+ // https://golang.org/pkg/path/#Match). By default, it is matched
45+ // against the request origin host. If the pattern contains a URI
46+ // scheme ("://"), it will be matched against "scheme://host".
4647 //
4748 // Please ensure you understand the ramifications of enabling this.
4849 // If used incorrectly your WebSocket server will be open to CSRF attacks.
@@ -240,7 +241,11 @@ func authenticateOrigin(r *http.Request, originHosts []string) error {
240241 }
241242
242243 for _ , hostPattern := range originHosts {
243- matched , err := match (hostPattern , u .Host )
244+ target := u .Host
245+ if strings .Contains (hostPattern , "://" ) {
246+ target = u .Scheme + "://" + u .Host
247+ }
248+ matched , err := match (hostPattern , target )
244249 if err != nil {
245250 return fmt .Errorf ("failed to parse path pattern %q: %w" , hostPattern , err )
246251 }
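Review bot: Patterns without "://" still take the `target := u.Host` default, so they keep authorizing the origin host under any scheme, including plain `http://` origins on a TLS-only deployment. The new AcceptOptions comment does not say this, and an operator could assume that adding one scheme-qualified pattern restricts the others. I would add to the doc comment something like `// Patterns without a scheme match the host for any origin scheme; use "https://host" to require TLS origins.` It is also worth noting there that `u.Host` includes the port when the origin has one, so `"https://example.com"` will not match an origin of `https://example.com:8443`. The body of authenticateOrigin starts and ends outside this hunk, so any earlier guard on an empty scheme or host is not visible here.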