fix(viz): reject cross-origin WebSocket handshakes

zevorn · zevorn · commit cc87a864d400 · 2026-04-19T01:39:04.000+08:00
The `/ws` handler enforced "localhost bind only" but otherwise accepted every incoming handshake without checking the Origin header. Browsers deliberately allow cross-origin WebSocket handshakes — the Same-Origin Policy does not apply there — so a malicious page open in the same browser could connect to ws://localhost:<port>/ws and immediately send a `cancel_session` message, killing an active RLCR loop with zero auth prompt. Reuse the existing `_origin_matches_request()` matcher (the same logic that gates mutating HTTP routes via CSRF) before adding the socket to `_ws_clients`. Connections without an Origin header are treated as same-origin (curl, server-to-server callers): the localhost bind already refuses non-loopback clients and the Origin header is effectively mandatory from browsers on the WebSocket handshake. Fixes Codex review P1 on PR PolyArch#63 (cross-origin WebSocket `cancel_session` vector). Signed-off-by: Chao Liu <chao.liu.zevorn@gmail.com>
diff --git a/viz/server/app.py b/viz/server/app.py
@@ -1376,6 +1376,23 @@ def websocket(ws):
             pass
         return
 
+    # Cross-origin WebSocket rejection. The HTTP side of the app
+    # gates mutating routes through `_enforce_csrf_protection`, but
+    # browsers happily let arbitrary pages open a WebSocket to
+    # ws://localhost:<port>/ws with no Origin check from the server.
+    # A `cancel_session` message over that connection would kill an
+    # active loop with zero auth prompt. Reuse the same request-host
+    # matcher so the localhost dashboard's own Origin keeps working
+    # while hostile origins (pages served by other projects in the
+    # same browser) are closed before they can send anything.
+    origin = request.headers.get('Origin', '').strip()
+    if origin and not _origin_matches_request(origin):
+        try:
+            ws.close(reason='cross-origin WebSocket rejected')
+        except Exception:
+            pass
+        return
+
     with _ws_lock:
         _ws_clients.add(ws)
     try:
