mirror of
https://github.com/DeBrosOfficial/orama.git
synced 2026-06-16 23:14:13 +00:00
a0a1decd06
handleNamespaceGatewayRequest rewrites r.Host to the backend target IP:port (e.g. "10.0.0.6:10004") before forwarding. The original public host (e.g. "ns-anchat-test.orama-devnet.network") is preserved in X-Forwarded-Host. checkWSOrigin in both pubsub/ws_client.go and serverless/ws_handler.go was comparing the client's Origin against the proxied r.Host only — so every browser / RN-iOS WS upgrade was rejected 403 because their Origin's public hostname can never match 10.0.0.6. curl probes don't send Origin, so curl returned true unconditionally and the bug was invisible to operator smoke tests. AnChat's iPhone WS clients hit `code=1006 reason="Received bad response code from server: 403"` for ~24h. Fix: prefer X-Forwarded-Host (the original public host) when present, fall back to r.Host for direct (non-proxied) connections. Applied identically to both WS handlers. Regression test in serverless/ws_origin_test.go covers the proxy-hop case, no-Origin case, and direct-connection case. This is the real fix; v0.122.19 only closed a separate silent-forward auth hole that produced opaque 401s on a different code path. VERSION bumped to 0.122.20.