diff --git a/README.md b/README.md
index 14c39293..930c3c73 100644
--- a/README.md
+++ b/README.md
@@ -112,7 +112,7 @@ Advantages of nhooyr.io/websocket:
- Gorilla's implementation is slower and uses [unsafe](https://golang.org/pkg/unsafe/).
- Full [permessage-deflate](https://tools.ietf.org/html/rfc7692) compression extension support
- Gorilla only supports no context takeover mode
- - We use a vendored [klauspost/compress](https://github.com/klauspost/compress) for much lower memory usage ([gorilla/websocket#203](https://github.com/gorilla/websocket/issues/203))
+ - We use [klauspost/compress](https://github.com/klauspost/compress) for much lower memory usage ([gorilla/websocket#203](https://github.com/gorilla/websocket/issues/203))
- [CloseRead](https://pkg.go.dev/nhooyr.io/websocket#Conn.CloseRead) helper ([gorilla/websocket#492](https://github.com/gorilla/websocket/issues/492))
- Actively maintained ([gorilla/websocket#370](https://github.com/gorilla/websocket/issues/370))
diff --git a/accept.go b/accept.go
index c43d9616..e4109c57 100644
--- a/accept.go
+++ b/accept.go
@@ -28,8 +28,7 @@ type AcceptOptions struct {
// InsecureSkipVerify is used to disable Accept's origin verification behaviour.
//
- // Deprecated: Use OriginPatterns with a match all pattern of * instead to control
- // origin authorization yourself.
+ // You probably want to use OriginPatterns instead.
InsecureSkipVerify bool
// OriginPatterns lists the host patterns for authorized origins.
@@ -46,6 +45,9 @@ type AcceptOptions struct {
//
// Please ensure you understand the ramifications of enabling this.
// If used incorrectly your WebSocket server will be open to CSRF attacks.
+ //
+ // Do not use * as a pattern to allow any origin, prefer to use InsecureSkipVerify instead
+ // to bring attention to the danger of such a setting.
OriginPatterns []string
// CompressionMode controls the compression mode.
diff --git a/conn_test.go b/conn_test.go
index 451d093a..6c52121a 100644
--- a/conn_test.go
+++ b/conn_test.go
@@ -273,8 +273,8 @@ func TestWasm(t *testing.T) {
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
c, err := websocket.Accept(w, r, &websocket.AcceptOptions{
- Subprotocols: []string{"echo"},
- OriginPatterns: []string{"*"},
+ Subprotocols: []string{"echo"},
+ InsecureSkipVerify: true,
})
if err != nil {
t.Errorf("echo server failed: %v", err)
diff --git a/examples/chat/README.md b/examples/chat/README.md
index a4c99a93..fc7df5d0 100644
--- a/examples/chat/README.md
+++ b/examples/chat/README.md
@@ -17,8 +17,10 @@ Visit the printed URL to submit and view broadcasted messages in a browser.
The frontend is contained in `index.html`, `index.js` and `index.css`. It sets up the
DOM with a scrollable div at the top that is populated with new messages as they are broadcast.
At the bottom it adds a form to submit messages.
+
The messages are received via the WebSocket `/subscribe` endpoint and published via
-the HTTP POST `/publish` endpoint.
+the HTTP POST `/publish` endpoint. The reason for not publishing messages over the WebSocket
+is so that you can easily publish a message with curl.
The server portion is `main.go` and `chat.go` and implements serving the static frontend
assets, the `/subscribe` WebSocket endpoint and the HTTP POST `/publish` endpoint.
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy