Prioritize access_token in searchparam over access_token in the cookies when using "strict" mode for websocket authentication (#22888)

* changes

* prioritize query token if present

* prioritize cookie over handshake

* Create moody-bees-pay.md

* Update moody-bees-pay.md

---------

Co-authored-by: Brainslug <tim@brainslug.nl>
Co-authored-by: Brainslug <br41nslug@users.noreply.github.com>
Aprilia
2024-07-03 18:26:33 +05:30
committed by GitHub
parent 74992cabfa
commit cbb0c4f541
2 changed files with 9 additions and 4 deletions


@@ -0,0 +1,5 @@
---
"@directus/api": patch
---
Prioritized access_token in query over cookies for websocket authentication


@@ -137,14 +137,14 @@ export default abstract class SocketController {
const context: UpgradeContext = { request, socket, head };
const sessionCookieName = env['SESSION_COOKIE_NAME'] as string;
if (cookies[sessionCookieName]) {
const token = cookies[sessionCookieName] as string;
if (this.authentication.mode === 'strict' || query['access_token']) {
const token = query['access_token'] as string;
await this.handleTokenUpgrade(context, token);
return;
}
if (this.authentication.mode === 'strict') {
const token = query['access_token'] as string;
if (cookies[sessionCookieName]) {
const token = cookies[sessionCookieName] as string;
await this.handleTokenUpgrade(context, token);
return;
}
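Review bot: In strict mode with no `access_token` in the query string, the first branch (reading the new side as query check first, per the commit title) passes `query['access_token'] as string`, which is `undefined` at runtime, to `handleTokenUpgrade` and returns. The session-cookie branch below it is therefore never reached for strict-mode connections, whereas before this change the cookie was checked first. If cookie sessions are still meant to authenticate in strict mode, fall back to the cookie inside that branch, e.g. `const token = typeof query['access_token'] === 'string' ? query['access_token'] : (cookies[sessionCookieName] as string | undefined);`. The `typeof` check also rejects a repeated parameter, which may arrive as an array that the `as string` cast hides, depending on how `query` is parsed (not visible here). How `handleTokenUpgrade` treats a missing token is outside the hunk, as are the start and end of the enclosing method.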