From a6156ff76b402236c4fdda7ec853307e99729cfe Mon Sep 17 00:00:00 2001
From: Ilia Ross <ilia@ross.gdn>
Date: Sun, 12 Apr 2026 18:35:21 +0200
Subject: [PATCH] Add configurable websocket origin exceptions (for weird
 cases)

---
 miniserv.pl | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/miniserv.pl b/miniserv.pl
index 0fd243a57..9ee6e3fe4 100755
--- a/miniserv.pl
+++ b/miniserv.pl
@@ -5818,6 +5818,16 @@ elsif ($origin =~ /^(https?):\/\/([^:\/]+)(?::(\d+))?\/?$/i) {
 return undef;
 }
 
+sub parse_configured_websocket_origin
+{
+my ($origin) = @_;
+return undef if (!defined($origin));
+$origin =~ s/^\s+|\s+$//g;
+$origin =~ s/^ws:\/\//http:\/\//i;  # if admin configures websocket URLs
+$origin =~ s/^wss:\/\//https:\/\//i;
+return &parse_websocket_origin($origin);
+}
+
 sub forwarded_websocket_origin
 {
 my ($proto, $host, $port) = @_;
@@ -5874,6 +5884,22 @@ if ($config{'websocket_host'}) {
 		}
 	}
 
+# Extra public origins can be whitelisted explicitly for unusual edge proxy
+# configs where auto-detection cannot work
+if ($config{'websocket_extra_origins'}) {
+	foreach my $origin (split(/\s+|,\s*/, $config{'websocket_extra_origins'})) {
+		next if (!$origin);
+		my $parsed = &parse_configured_websocket_origin($origin);
+		if ($parsed) {
+			&$add_origin($parsed);
+			}
+		else {
+			print DEBUG "ignoring invalid websocket_extra_origins ".
+				    "entry $origin\n";
+			}
+		}
+	}
+
 return @rv;
 }