Added http referrer verification to manager.js verifyOrigin + tests for origins setting

einaros
2011-08-16 07:46:57 +02:00
committed by Daniel Shaw
parent dd30de3c5a
commit bb2e100e7f
2 changed files with 97 additions and 7 deletions


@@ -870,7 +870,7 @@ Manager.prototype.handshakeData = function (data) {
*/
Manager.prototype.verifyOrigin = function (request) {
var origin = request.headers.origin
var origin = request.headers.origin || request.headers.referer
, origins = this.get('origins');
if (origin === 'null') origin = '*';
@@ -882,14 +882,19 @@ Manager.prototype.verifyOrigin = function (request) {
if (origin) {
try {
var parts = url.parse(origin);
return
~origins.indexOf(parts.host + ':' + parts.port) ||
~origins.indexOf(parts.host + ':*') ||
var ok =
~origins.indexOf(parts.hostname + ':' + parts.port) ||
~origins.indexOf(parts.hostname + ':*') ||
~origins.indexOf('*:' + parts.port);
} catch (ex) {}
if (!ok) this.log.warn('illegal origin: ' + origin);
return ok;
} catch (ex) {
this.log.warn('error parsing origin');
}
}
else {
this.log.warn('origin missing from handshake, yet required by config');
}
return false;
};
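Review bot: The three `indexOf` comparisons in the second hunk build their keys from `parts.port`, which `url.parse` leaves unset when the header has no explicit port, so a value such as `http://example.com/page` (constructed example) is compared as `example.com:null` and can only match a `hostname:*` entry. The Referer fallback added in the first hunk likely makes port-less URLs more frequent, so derive the port first, e.g. `var port = parts.port || (parts.protocol === 'https:' ? 443 : 80);`, and use `port` in the comparisons. Separately, if `origins` is a string rather than an array (not visible here), `indexOf` is a substring test, so a hostname that is only a suffix of an allowed one would pass; splitting the setting into entries and comparing each one exactly would close that. Both headers are set honestly only by browsers, so the function's doc comment should say that this check limits cross-site use from a browser and is not client authentication.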