From cbb0c4f54175e27f829740193fdad2d4e55768db Mon Sep 17 00:00:00 2001
From: Aprilia <80976002+useEffects@users.noreply.github.com>
Date: Wed, 3 Jul 2024 18:26:33 +0530
Subject: [PATCH] Prioritize access_token in searchparam over access_token in the cookies when using "strict" mode for websocket authentication (#22888)
* changes
* prioritize query token if present
* prioritize cookie over handshake
* Create moody-bees-pay.md
* Update moody-bees-pay.md
---------
Co-authored-by: Brainslug
Co-authored-by: Brainslug
---
 .changeset/moody-bees-pay.md | 5 +++++
 api/src/websocket/controllers/base.ts | 8 ++++----
 2 files changed, 9 insertions(+), 4 deletions(-)
 create mode 100644 .changeset/moody-bees-pay.md
diff --git a/.changeset/moody-bees-pay.md b/.changeset/moody-bees-pay.md
new file mode 100644
index 0000000000..b6698c4a4d
--- /dev/null
+++ b/.changeset/moody-bees-pay.md
@@ -0,0 +1,5 @@
+---
+"@directus/api": patch
+---
+
+Prioritized access_token in query over cookies for websocket authentication
diff --git a/api/src/websocket/controllers/base.ts b/api/src/websocket/controllers/base.ts
index 3798549fdc..110627039b 100644
--- a/api/src/websocket/controllers/base.ts
+++ b/api/src/websocket/controllers/base.ts
@@ -137,14 +137,14 @@ export default abstract class SocketController {
 const context: UpgradeContext = { request, socket, head };
 const sessionCookieName = env['SESSION_COOKIE_NAME'] as string;
- if (cookies[sessionCookieName]) {
- const token = cookies[sessionCookieName] as string;
+ if (this.authentication.mode === 'strict' || query['access_token']) {
+ const token = query['access_token'] as string;
 await this.handleTokenUpgrade(context, token);
 return;
 }
- if (this.authentication.mode === 'strict') {
- const token = query['access_token'] as string;
+ if (cookies[sessionCookieName]) {
+ const token = cookies[sessionCookieName] as string;
 await this.handleTokenUpgrade(context, token);
 return;
 }
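Review bot: In the new first branch of the `base.ts` hunk, `this.authentication.mode === 'strict'` is true even when no `access_token` query parameter was sent, so `token` is `undefined` behind the `as string` cast and the method returns before the `cookies[sessionCookieName]` branch below it can run; in strict mode a client that authenticates only by session cookie no longer has its cookie considered. Falling back inside the branch keeps the intended priority: `const token = (query['access_token'] ?? cookies[sessionCookieName]) as string;`. `handleTokenUpgrade` is outside the hunk, so it is worth confirming that a missing token is rejected there rather than upgraded as an unauthenticated connection. The cast also hides that a repeated `access_token` parameter may parse to an array (the query parser is not visible here), so a `typeof query['access_token'] === 'string'` check before use would be safer. The enclosing method starts and ends outside the hunk.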