Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: socketio/engine.io
base: 3.5.0
Choose a base ref
...
head repository: socketio/engine.io
compare: 3.6.0
Choose a head ref
  • 5 commits
  • 7 files changed
  • 2 contributors

Commits on Jun 6, 2022

  1. feat: decrease the default value of maxHttpBufferSize 

    This change reduces the default value from 100 mb to a more sane 1 mb.

This helps protect the server against denial of service attacks by
malicious clients sending huge amounts of data.

Backported from 734f9d1
    @darrachequesne
    darrachequesne committed Jun 6, 2022
    Configuration menu
    Copy the full SHA
    58e274c View commit details
    Browse the repository at this point in the history

  2. fix: add extension in the package.json main entry (#608) 

    The `main` entry for the `package.json` file is for defining the entry
point. The entry is currently missing the required `.js` extension,
this PR brings it back.

Backported from 17b8c2f
    @AStoker @darrachequesne
    AStoker authored and darrachequesne committed Jun 6, 2022
    Configuration menu
    Copy the full SHA
    3ad0567 View commit details
    Browse the repository at this point in the history

  3. fix: do not reset the ping timer after upgrade 

    There was two issues with this behavior:

- v3 clients (with allowEIO3: true) were also receiving a "ping" after
a successful upgrade, which is incorrect (in v3, it's the client that
sends the "ping", and the server answers with a "pong")

- the ping timer is not reset after upgrade on the client-side, so an
upgrade which took longer than the `pingTimeout` duration could lead to
a "ping timeout" error on the client-side

I think the latter issue is present since the initial implementation.

Related: socketio/socket.io-client-swift#1309 (comment)

Backported from ff2b8ab
    @darrachequesne
    darrachequesne committed Jun 6, 2022
    Configuration menu
    Copy the full SHA
    1f5d469 View commit details
    Browse the repository at this point in the history

  4. feat: increase the default value of pingTimeout 

    This value was updated from 60000 to 5000 in [1], included in
`engine.io@3.2.0` (Feb 2018).

The reasoning back then:

Some users experienced long delays between disconnection on the
server-side and on the client-side. The "disconnect" event would take a
long time to fire in the browser, probably due to a timer being
delayed. Hence the change.

That being said, the current value (5s) now causes unexpected
disconnections when a big payload is sent over a slow network, because
it prevents the ping-pong packets from being exchanged between the
client and the server. This can also happen when a synchronous task
blocks the server for more than 5 seconds.

The new value (20s) thus seems like a good balance between quick
disconnection detection and tolerance to various delays.

Note: pingInterval + pingTimeout is still below the threshold of React
Native, which complains if a timer is set with a delay of more than 1
minute.

[1]: 65b1ad1

Related:

- socketio/socket.io#2770
- socketio/socket.io#2769
- socketio/socket.io#3054
- socketio/socket.io#3376

Backported from 5a7fa13
    @darrachequesne
    darrachequesne committed Jun 6, 2022
    Configuration menu
    Copy the full SHA
    f55a79a View commit details
    Browse the repository at this point in the history

  5. chore(release): 3.6.0 

    Diff: 3.5.0...3.6.0
    @darrachequesne
    darrachequesne committed Jun 6, 2022
    Configuration menu
    Copy the full SHA
    f62f265 View commit details
    Browse the repository at this point in the history