In general, we try to avoid allowing TCP connections to be open with no
traffic on it indefinitely. We place timeouts on incoming HTTP
connections in webapp_server.js (which we adjust to longer values when
there's an HTTP request pending), and once a DDP connection is fully
established we require heartbeats.
However, if the incoming connection is a websocket, the faye-websocket
package used by SockJS calls setTimeout(0) on the underlying socket when
it initializes the WebSocket object:
https://github.com/faye/faye-websocket-node/blob/3148348a3/lib/faye/websocket/api.js#L111
So if a client does the WebSocket handshake with the server but never
sends a valid DDP connect message, the socket can be held open
indefinitely. (To add insult to injury, a 1MB Buffer object is retained
on such sockets due to something in the faye-websocket code, at least on
older versions of Node like 0.10.)
This commit restores a timeout on the socket for this in-between period.
(We actually saw this issue in production on the Meteor Developer
Accounts server --- hundreds of such broken connections would accumulate
over time. This may be triggered by a particular setup we use involving
proxies for the accounts server, or it may be a more generally
applicable issue.)
Another issue is URLs that are only a hash (this happens with inline SVG):
filter:url("#lightGreen")
In the current version of the codebase, gets rewritten to :
filter:url("")
The pull request also fixes this issue.
For certain use cases, like SVG filters, the url needs to have a # symbol. For example, the following css property :
```filter:url("filters.svg#lightGreen")```
In the current version of the codebase, gets rewritten to :
```filter:url("http://myapp.com/filters.svg")```
Whereas the proper behaviour should be:
```filter:url("http://myapp.com/filters.svg#lightGreen")```
This simple change will fix the issue.
