Critical WebSocket Origin Check Disabled in Orbit Server Enables Cross-Site Hijacking
A critical security misconfiguration has been identified in the Orbit server codebase, leaving production deployments exposed to Cross-Site WebSocket Hijacking (CSWSH). The vulnerability stems from `InsecureSkipVerify: true` being set on the WebSocket `Accept` call in `cmd/server/main.go`, which disables origin validation on all incoming WebSocket upgrade requests. The setting was introduced for local development convenience but has not been removed before production deployment, according to the bug report.
The flaw allows any third-party website to initiate a WebSocket connection to a publicly accessible Orbit server from a visitor's browser. An attacker would only need to craft a malicious webpage that opens a WebSocket to `ws://<orbit-host>/ws?token=<token>`; the server accepts the connection regardless of the `Origin` header. In effect the attacker's page becomes a man-in-the-middle, with the victim's authenticated browser session acting as the relay, so any sensitive data, authentication tokens, or commands transmitted over the WebSocket channel could be intercepted.
The bug report identifies the exact vulnerable code at `cmd/server/main.go:66` and proposes replacing the current `AcceptOptions` with an explicit origin allowlist. Until patched, publicly deployed Orbit instances face ongoing CSWSH risk. Organizations running Orbit behind firewalls or in strictly isolated environments may have reduced exposure, but any externally accessible deployment should treat this as an urgent remediation priority.
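The following is an added example, not code from the Orbit project or the bug report, showing what the proposed allowlist fix looks like in practice. It assumes the server uses the `nhooyr.io/websocket` library (now `github.com/coder/websocket`), whose `AcceptOptions` carries both the `InsecureSkipVerify` and `OriginPatterns` fields; the allowlisted origins and the `/ws` route are constructed values. The origin check itself uses only the standard library so it can be unit-tested without a real upgrade: it parses the `Origin` header and compares scheme and host exactly, which is what prevents lookalike hosts such as `orbit.example.com.evil.net` from passing.

```go
package main

import (
	"log"
	"net/http"
	"net/url"
	"strings"
)

// allowedOrigins is the explicit allowlist of browser origins permitted to
// open a WebSocket. These are constructed example values, not Orbit's own.
var allowedOrigins = []string{
	"https://orbit.example.com",
	"https://app.example.com",
}

// OriginAllowed reports whether an Origin header value matches an allowlisted
// origin. The comparison is on the parsed scheme + host (+ port), never a
// substring match, so "https://orbit.example.com.evil.net" is rejected.
//
// An absent Origin header is allowed: browsers always send Origin on a
// WebSocket upgrade, so its absence indicates a non-browser client, which is
// the same convention nhooyr.io/websocket applies. Tighten this to a hard
// reject if the deployment only ever expects browser clients.
func OriginAllowed(origin string, allowlist []string) bool {
	if origin == "" {
		return true
	}
	u, err := url.Parse(origin)
	if err != nil || u.Scheme == "" || u.Host == "" {
		// Covers malformed values and the literal "null" origin.
		return false
	}
	got := strings.ToLower(u.Scheme + "://" + u.Host)
	for _, a := range allowlist {
		if got == strings.ToLower(a) {
			return true
		}
	}
	return false
}

// RequireOrigin wraps a WebSocket handler so that upgrade requests from an
// origin outside the allowlist are rejected with 403 before any upgrade is
// attempted. Rejections are logged so CSWSH attempts show up in server logs.
func RequireOrigin(allowlist []string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		if !OriginAllowed(origin, allowlist) {
			log.Printf("rejected websocket upgrade: origin=%q remote=%s", origin, r.RemoteAddr)
			http.Error(w, "forbidden origin", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// wsHandler is where the library upgrade call sits. The vulnerable form the
// report describes, and the fixed form using the library's own allowlist, are
// shown as comments so this file stays free of external dependencies:
//
//   // vulnerable: origin validation switched off
//   c, err := websocket.Accept(w, r, &websocket.AcceptOptions{InsecureSkipVerify: true})
//
//   // fixed: OriginPatterns takes host patterns (no scheme), matched exactly
//   c, err := websocket.Accept(w, r, &websocket.AcceptOptions{
//       OriginPatterns: []string{"orbit.example.com", "app.example.com"},
//   })
func wsHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/plain")
	w.WriteHeader(http.StatusOK)
	_, _ = w.Write([]byte("origin accepted; websocket.Accept would run here\n"))
}

func main() {
	mux := http.NewServeMux()
	// Both layers are kept: the middleware rejects early and logs, and the
	// library's OriginPatterns (in wsHandler) is the safety net if the
	// middleware is ever bypassed or left off a new route.
	mux.Handle("/ws", RequireOrigin(allowedOrigins, http.HandlerFunc(wsHandler)))
	log.Println("listening on :8080")
	log.Fatal(http.ListenAndServe(":8080", mux))
}
```

Keeping the check in a small pure function makes the fix regression-testable: a table of accepted and rejected origins (exact match, scheme mismatch, lookalike host suffix, `null`, empty) can be asserted in CI so that a future "convenience" change back to `InsecureSkipVerify: true` would not go unnoticed.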