app-server: reject websocket requests with Origin headers (#14995)

Reject websocket requests that carry an `Origin` header
Max Johnson
2026-03-17 17:24:53 -07:00
committed by GitHub
parent a5d3114e97
commit 19b887128e
3 changed files with 78 additions and 1 deletions

@@ -29,7 +29,8 @@ Supported transports:
When running with `--listen ws://IP:PORT`, the same listener also serves basic HTTP health probes:
- `GET /readyz` returns `200 OK` once the listener is accepting new connections.
- `GET /healthz` currently always returns `200 OK`.
- `GET /healthz` returns `200 OK` when no `Origin` header is present.
- Any request carrying an `Origin` header is rejected with `403 Forbidden`.
Websocket transport is currently experimental and unsupported. Do not rely on it for production workloads.
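Review bot: The new bullet "Any request carrying an `Origin` header is rejected with `403 Forbidden`" is broader than the commit subject, which speaks only of websocket requests, and it leaves the `/readyz` bullet above it unqualified. If the rule covers `/readyz` and the websocket upgrade as well as `/healthz`, qualify the `/readyz` line the same way the `/healthz` line now reads ("when no `Origin` header is present"), or move the 403 rule out of the probe list into its own sentence that names every path it applies to. The README should also say in one sentence why the header is rejected and what a client or health probe that sets `Origin` itself should do, since as written an operator gets a 403 with no explanation.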