From 0a1eecee20b63286099a3610095af608f310dcc1 Mon Sep 17 00:00:00 2001
From: MuxZeroNet <MuxZeroNet@users.noreply.github.com>
Date: Sun, 8 Jan 2017 06:56:42 +0000
Subject: [PATCH] WebSocket requests not allowed

---
 src/Ui/UiRequest.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/Ui/UiRequest.py b/src/Ui/UiRequest.py
index 917baeaf..2059e68f 100644
--- a/src/Ui/UiRequest.py
+++ b/src/Ui/UiRequest.py
@@ -93,6 +93,9 @@ class UiRequest(object):
     def isProxyRequest(self):
         return self.env["PATH_INFO"].startswith("http://")
 
+    def isWebSocket(self):
+        return self.env.get("HTTP_UPGRADE") == "websocket"
+    
     def isAjaxRequest(self):
         return self.env.get("HTTP_X_REQUESTED_WITH") == "XMLHttpRequest"
 
@@ -195,7 +198,9 @@ class UiRequest(object):
                 return self.actionSiteMedia("/media" + path)  # Only serve html files with frame
             if self.isAjaxRequest():
                 return self.error403("Ajax request not allowed to load wrapper")  # No ajax allowed on wrapper
-
+            if self.isWebSocket():
+                return self.error403("WebSocket not allowed to load wrapper") # No websocket
+            
             if "text/html" not in self.env["HTTP_ACCEPT"]:
                 return self.error403("Invalid Accept header to load wrapper")
             if "prefetch" in self.env.get("HTTP_X_MOZ", "") or "prefetch" in self.env.get("HTTP_PURPOSE", ""):