Add second argument Plug.Conn to Phoenix.Endpoint.socket/3 `:check_origin` MFA

victor23k · February 6, 2025, 5:47pm

Proposal

I propose to add the Plug.Conn struct available inside the MFA configured for Phoenix.Endpoint.socket/3 under check_origin.

Benefits

This would make possible to use url params or headers to check if the origin is allowed. Example: passing a user_id param in the url, then checking somewhere else if the Origin is allowed by that user.

Changes

The actual change seems quite simple as conn is already present when the MFA is applied so. It would just need tests and modifying the documentation.

github.com/phoenixframework/phoenix

lib/phoenix/socket/transport.ex

83e4b3245


      
          defp origin_allowed?({module, function, arguments}, uri, _endpoint, _conn),
            do: apply(module, function, [uri | arguments])

I would be more than happy to send the PR.

steffend · March 4, 2025, 1:21pm

Hey @victor23k,

the issue with the proposal is that any change to the arguments here would be a breaking change. So it’s not something we can easily do.

An ugly solution if you need this could be to have a plug before the socket and store data you need in the process dictionary and then access it from there later.

victor23k · March 4, 2025, 2:33pm

You are right. Thanks for the workaround!