
Commit 1f1d64b

authoredMar 10, 2018
[fix] Include the protocol in the origins check (#3198)
Previously, the protocol was not taken into account, which caused the following behaviour:
```js
io.origins('https://foo.example.com:443'); // ok as a string
io.origins(['https://foo.example.com:443'); // not ok as an array
```
Fixes #3190
1 parent f4fc517 commit 1f1d64b


3 files changed

+16
-3
lines changed

 

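--- a/docs/API.md
+++ b/docs/API.md
@@ -225,13 +225,13 @@ io.adapter(redis({ host: 'localhost', port: 6379 }));
 
 #### server.origins([value])
 
-- `value` _(String)_
+- `value` _(String|String[])_
 - **Returns** `Server|String`
 
 Sets the allowed origins `value`. Defaults to any origins being allowed. If no arguments are supplied this method returns the current value.
 
 ```js
-io.origins(['foo.example.com:443']);
+io.origins(['https://foo.example.com:443']);
 ```
 
 #### server.origins(fn)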

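--- a/lib/index.js
+++ b/lib/index.js
@@ -80,9 +80,11 @@ Server.prototype.checkRequest = function(req, fn) {
 ? parts.port
 : defaultPort;
 var ok =
+~this._origins.indexOf(parts.protocol + '//' + parts.hostname + ':' + parts.port) ||
 ~this._origins.indexOf(parts.hostname + ':' + parts.port) ||
 ~this._origins.indexOf(parts.hostname + ':*') ||
 ~this._origins.indexOf('*:' + parts.port);
+debug('origin %s is %svalid', origin, !!ok ? '' : 'not ');
 return fn(null, !!ok);
 } catch (ex) {
 }
@@ -241,7 +243,7 @@ Server.prototype.adapter = function(v){
 /**
 * Sets the allowed origins for requests.
 *
-* @param {String} v origins
+* @param {String|String[]} v origins
 * @return {Server|Adapter} self when setting or value when getting
 * @api public
 */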
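Review bot: In the first hunk the new `parts.protocol + '//' + parts.hostname + ':' + parts.port` entry is compared by exact string match, so a configured origin only matches when it is written with an explicit port; an entry written the way browsers send the Origin header for a default port (`https://foo.example.com`) would apparently never match, since the visible lines substitute `defaultPort` into `parts.port`. The protocol-less forms on the following three lines still accept any scheme, so an operator who wants to pin `https` must not also keep entries such as `foo.example.com:443` or `foo.example.com:*`. I would record this above `var ok =` with a comment such as `// entries must be 'protocol//host:port' with an explicit port; 'host:port', 'host:*' and '*:port' match any protocol`. checkRequest begins above the hunk and its `catch` continues below it, so how `parts` is parsed is not visible here.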

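--- a/test/socket.io.js
+++ b/test/socket.io.js
@@ -354,6 +354,17 @@ describe('socket.io', function(){
 done();
 });
 });
+
+it('should allow request when using an array of origins', function(done) {
+io({ origins: [ 'http://foo.example:54024' ] }).listen('54024');
+request.get('http://localhost:54024/socket.io/default/')
+.set('origin', 'http://foo.example:54024')
+.query({ transport: 'polling' })
+.end(function (err, res) {
+expect(res.status).to.be(200);
+done();
+});
+});
 });
 
 describe('close', function(){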
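Review bot: The added test covers only the accepting path; nothing pins that an origin whose protocol differs from the array entry is refused, which is the security-relevant half of this change. The `.end` callback also ignores `err`, so a failed request would surface as a TypeError on `res.status` rather than a clear failure. A companion case along the lines below would cover the rejection; the port is a constructed value, and the exact rejection status is not visible on this page, so it asserts only that the request is not accepted.

```javascript
// … unchanged: 'should allow request when using an array of origins' …
it('should disallow request when the protocol differs from the array entry', function(done) {
  // 54025 is a constructed port: use one no other test in this file listens on
  io({ origins: [ 'http://foo.example:54025' ] }).listen('54025');
  request.get('http://localhost:54025/socket.io/default/')
    .set('origin', 'https://foo.example:54025')
    .query({ transport: 'polling' })
    .end(function (err, res) {
      expect(res.status).not.to.be(200);
      done();
    });
});
```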
