Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-16 10:46:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

closes #5472

Browse Source
This commit is contained in:
Julian Lam
2017-02-23 11:54:46 -05:00
parent ebe5ed7560
commit d4c2fc3bc8
1 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/socket.io/index.js
View File

@@ -33,6 +33,28 @@ Sockets.init = function (server) {
io.on('connection', onConnection);
/*
* Restrict socket.io listener to cookie domain. If none is set, infer based on url.
* Production only so you don't get accidentally locked out.
* Can be overridden via config (socket.io:origins)
*/
if (process.env.NODE_ENV !== 'development') {
var domain = nconf.get('cookieDomain');
var parsedUrl = url.parse(nconf.get('url'));
var override = nconf.get('socket.io:origins');
if (!domain) {
domain = parsedUrl.hostname; // cookies don't provide isolation by port: http://stackoverflow.com/a/16328399/122353
}
if (!override) {
io.set('origins', parsedUrl.protocol + '//' + domain + ':*');
winston.info('[socket.io] Restricting access to origin: ' + parsedUrl.protocol + '//' + domain + ':*');
} else {
io.set('origins', override);
winston.info('[socket.io] Restricting access to origin: ' + override);
}
}
io.listen(server, {
transports: nconf.get('socket.io:transports')
});