Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-12-21 16:00:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: close #7002, console message if mismatched origins

Browse Source
This commit is contained in:
Peter Jaszkowiak
2018-11-28 20:23:42 -07:00
committed by Julian Lam
parent 43c3bb02e5
commit 89c025d102
3 changed files with 22 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/socket.io/index.js
View File

@@ -46,20 +46,16 @@ Sockets.init = function (server) {
* Can be overridden via config (socket.io:origins)
*/
if (process.env.NODE_ENV !== 'development') {
var domain = nconf.get('cookieDomain');
var parsedUrl = url.parse(nconf.get('url'));
var override = nconf.get('socket.io:origins');
if (!domain) {
domain = parsedUrl.hostname; // cookies don't provide isolation by port: http://stackoverflow.com/a/16328399/122353
}
const parsedUrl = url.parse(nconf.get('url'));
if (!override) {
io.origins(parsedUrl.protocol + '//' + domain + ':*');
winston.info('[socket.io] Restricting access to origin: ' + parsedUrl.protocol + '//' + domain + ':*');
} else {
io.origins(override);
winston.info('[socket.io] Restricting access to origin: ' + override);
}
// cookies don't provide isolation by port: http://stackoverflow.com/a/16328399/122353
const domain = nconf.get('cookieDomain') || parsedUrl.hostname;
const origins = nconf.get('socket.io:origins') || `${parsedUrl.protocol}//${domain}:*`;
nconf.set('socket.io:origins', origins);
io.origins(origins);
winston.info('[socket.io] Restricting access to origin: ' + origins);
}
io.listen(server, {