From e5dcd654d34ecf94c32bee0e879981b073994ff8 Mon Sep 17 00:00:00 2001
From: flashwave
Date: Mon, 14 Feb 2022 21:04:34 +0000
Subject: [PATCH] Some adjustments.
---
 src/Http/Handlers/SockChatHandler.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/Http/Handlers/SockChatHandler.php b/src/Http/Handlers/SockChatHandler.php
index 29a3a5ff..bbf5e54a 100644
--- a/src/Http/Handlers/SockChatHandler.php
+++ b/src/Http/Handlers/SockChatHandler.php
@@ -395,15 +395,16 @@ final class SockChatHandler extends Handler {
  }
  public function token(HttpResponse $response, HttpRequest $request) {
- $httpOrigin = $request->getHeaderLine('Origin');
+ $host = $request->getHeaderLine('Host');
+ $origin = strtolower(parse_url($request->getHeaderLine('Origin'), PHP_URL_HOST));
- if(!empty($httpOrigin)) {
+ if(!empty($origin) && $origin !== $host) {
  $whitelist = Config::get('sockChat.origins', Config::TYPE_ARR, []);
- if(!in_array($httpOrigin, $whitelist))
+ if(!in_array($origin, $whitelist))
  return 403;
- $request->setHeader('Access-Control-Allow-Origin', $httpOrigin);
+ $request->setHeader('Access-Control-Allow-Origin', $origin);
  $request->setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET');
  $request->setHeader('Access-Control-Allow-Credentials', 'true');
  $request->setHeader('Vary', 'Origin');
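Review bot: The `Access-Control-Allow-Origin` value in `token()` is now `$origin`, which after `parse_url(..., PHP_URL_HOST)` is a bare lowercase hostname rather than a serialized origin (scheme, host, port), so browsers will not accept it for a credentialed request, and the whitelist lookup no longer distinguishes `http` from `https` or one port from another. Keep the raw header for the echo, e.g. `$httpOrigin = $request->getHeaderLine('Origin');` and `$request->setHeader('Access-Control-Allow-Origin', $httpOrigin);`, and use the parsed host only for the comparison, with `in_array($origin, $whitelist, true)`. A non-empty Origin from which no host can be parsed (such as `null`) now yields an empty `$origin` and skips the whitelist entirely, where the old code checked it against the list; that case should fail closed with 403. The `Host` header can carry a port and is not lowercased, so `$origin !== $host` may also misclassify same-origin requests. The body of `token()` continues past the end of the hunk.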