1725 Commits

Author SHA1 Message Date
Damien Arrachequesne
873fdc55ed chore(release): 2.4.0
Diff: https://github.com/socketio/socket.io/compare/2.3.0...2.4.0
2.4.0
2021-01-05 00:27:13 +01:00
Damien Arrachequesne
f78a575f66 fix(security): do not allow all origins by default
BREAKING CHANGE: previously, all origins were allowed by default, which
meant that a Socket.IO server sent the necessary CORS headers
(`Access-Control-Allow-xxx`) to any domain by default.

Please note that you are not impacted if:

- you are using Socket.IO v2 and the `origins` option to restrict the list of allowed domains
- you are using Socket.IO v3 (disabled by default)

This commit also removes the support for '*' matchers and protocol-less
URLs:

```
io.origins('https://example.com:443'); => io.origins(['https://example.com']);
io.origins('localhost:3000');          => io.origins(['http://localhost:3000']);
io.origins('http://localhost:*');      => io.origins(['http://localhost:3000']);
io.origins('*:3000');                  => io.origins(['http://localhost:3000']);
```

To restore the previous behavior (please use with caution):

```js
io.origins((_, callback) => {
  callback(null, true);
});
```

See also:

- https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
- https://socket.io/docs/v3/handling-cors/
- https://socket.io/docs/v3/migrating-from-2-x-to-3-0/#CORS-handling

Thanks a lot to https://github.com/ni8walk3r for the security report.
2021-01-04 22:34:09 +01:00
Sebastiaan Marynissen
d33a619905 fix: properly overwrite the query sent in the handshake
The `query` option of the Manager had the priority over the one of the
Socket instance, which meant updating the Socket#query object on the
client-side was not reflected in the Socket#handshake object on the
server-side.

Please note that the behavior of the `query` option is still a bit
weird in Socket.IO v2, as it only applies to non-default namespaces.
This is fixed in v3:

- https://socket.io/docs/v3/migrating-from-2-x-to-3-0/#Add-a-clear-distinction-between-the-Manager-query-option-and-the-Socket-query-option
- https://socket.io/docs/v3/middlewares/#Sending-credentials

Fixes https://github.com/socketio/socket.io/issues/3495
2021-01-04 11:34:24 +01:00
Damien Arrachequesne
3951a79359 chore: bump engine.io version
Diff: https://github.com/socketio/engine.io/compare/3.4.2...3.5.0
2021-01-04 10:50:13 +01:00
Damien Arrachequesne
6fa026fc94 ci: migrate to GitHub Actions
Due to the recent changes to the Travis CI platform (see [1]), we will
now use GitHub Actions to run the tests.

Reference: https://docs.github.com/en/free-pro-team@latest/actions/guides/building-and-testing-nodejs

[1]: https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing
2021-01-04 10:46:44 +01:00
Damien Arrachequesne
47161a65d4 [chore] Release 2.3.0
Diff: https://github.com/socketio/socket.io/compare/2.2.0...2.3.0
2.3.0
2019-09-20 12:18:39 +02:00
Damien Arrachequesne
cf39362014 [chore] Bump socket.io-parser to version 3.4.0
Diff: https://github.com/socketio/socket.io-parser/compare/3.3.0...3.4.0
2019-09-20 11:04:11 +02:00
flaambe
4d01b2c84c test: remove deprecated Buffer usage (#3481) 2019-09-20 10:50:12 +02:00
Jonatan Juárez
82271921db [docs] Fix the default value of the 'origins' parameter (#3464)
Fix documentation about default origins value. The default should read `*:*` instead of `*
2019-09-20 10:37:54 +02:00
Damien Arrachequesne
1150eb50e9 [chore] Bump engine.io to version 3.4.0
Diff: https://github.com/socketio/engine.io/compare/3.3.1...3.4.0
2019-09-20 10:31:25 +02:00
Grant Timmerman
9c1e73c752 [chore] Update the license of the chat example (#3410)
There was no obvious reason to use BSD instead of MIT for that very basic chat app.

Closes #3411
2019-03-15 22:22:22 +01:00
Damien Arrachequesne
df05b73bb9 [chore] Release 2.2.0 2.2.0 2018-11-29 00:00:45 +01:00
Markko Legonkov
b00ae50be6 [feat] Add cache-control header when serving the client source (#2907) 2018-11-20 08:02:04 +01:00
Nadir Hussain Laskar
d3c653d876 [docs] Add Touch Support to the whiteboard example (#3104) 2018-11-20 08:01:09 +01:00
Antonio
a7fbd1ac4a [fix] Throw an error when trying to access the clients of a dynamic namespace (#3355)
Accessing the clients of a dynamic namespace throws because doing `io.of(/your-regex/g)` returns a namespace with no adapter and the clients method tries to access `namespace.adapter.clients`.
2018-11-20 07:40:11 +01:00
Damien Arrachequesne
190d22b46e [chore] Bump dependencies
- engine.io: https://github.com/socketio/engine.io/compare/3.2.0...3.3.1
- socket.io-parser: https://github.com/socketio/socket.io-parser/compare/3.2.0..3.3.0
2018-11-20 07:33:41 +01:00
Damien Arrachequesne
7b8fba7ea2 [test] Update Travis configuration
Reference: https://github.com/nodejs/Release
2018-11-20 07:32:39 +01:00
Emmanuel DEMEY
e5f0ceaee0 [docs] Use new JavaScript syntax inside the README (#3360) 2018-11-08 00:26:54 +01:00
Damien Arrachequesne
7e35f901b8 [docs] fix this scope in the chat example
`user is typing` messages were not properly removed

Closes #3291
2018-08-28 09:05:44 +02:00
Damien Arrachequesne
2dbec77a38 [chore] Update issue template 2018-08-21 13:21:14 +02:00
Andrew Stelmach
d97d873aee [docs] update README.md (#3309) 2018-08-18 23:32:07 +02:00
Damien Arrachequesne
e0b2cb0c5a [chore] Release 2.1.1 2.1.1 2018-05-17 23:22:49 +02:00
Sleiman Sleiman
1decae341c [feat] Add local flag to the socket object (#3219)
To match the behaviour on the namespace (see #2628).
2018-04-27 13:03:25 +02:00
Donut
0279c47c8c [docs] Convert the chat example to ES6 (#3227) 2018-04-27 13:00:27 +02:00
Damien Arrachequesne
2917942b3e [docs] Clarify private messaging in the emit cheatsheet (#3232)
The previous version was confusing, as `socket.to(socket.id).emit()` does nothing.

Fixes #3220
2018-04-27 12:50:31 +02:00
Damien Arrachequesne
db831a3de4 [chore] Release 2.1.0 2.1.0 2018-03-29 23:30:03 +02:00
Damien Arrachequesne
ac945d1eba [feat] Add support for dynamic namespaces (#3195)
This follows #3187, with a slightly different API.

A dynamic namespace can be created with:

```js
io.of(/^\/dynamic-\d+$/).on('connect', (socket) => { /* ... */ });
```
2018-03-29 23:08:08 +02:00
Scott Gress
ad0c052eff [docs] Add note in docs for origins(fn) about error needing to be a string. (#2895) 2018-03-10 09:03:28 +01:00
Damien Arrachequesne
1f1d64bab6 [fix] Include the protocol in the origins check (#3198)
Previously, the protocol was not taken into account, which caused the following behaviour:

```js
io.origins('https://foo.example.com:443'); // ok as a string
io.origins(['https://foo.example.com:443']); // not ok as an array
```

Fixes #3190
2018-03-10 08:56:42 +01:00
Damien Arrachequesne
f4fc517e0f [fix] Properly emit 'connect' when using a custom namespace (#3197)
When using a custom namespace with a middleware, the client did not receive the 'connect' event.

Fixes #3082
2018-03-10 08:51:22 +01:00
Jumper Chen
be61ba0a20 [docs] Add link to a Dart client implementation (#2940) 2018-03-01 00:23:45 +01:00
Damien Arrachequesne
c0c79f019e [feat] Add support for dynamic namespaces (#3187) 2018-03-01 00:22:16 +01:00
Damien Arrachequesne
dea5214f21 [chore] Bump superagent and supertest versions (#3186) 2018-02-28 23:19:19 +01:00
Damien Arrachequesne
b1941d5dfe [chore] Bump engine.io to version 3.2.0 2018-02-28 23:10:40 +01:00
Miguel Piedrafita
a23007a635 [docs] Update license year (#3153) 2018-02-28 23:03:02 +01:00
Damien Arrachequesne
f48a06c040 [feat] Add a 'binary' flag (#3185)
So that the call to the `has-binary` method can be skipped. Usage:

```
// with binary data
socket.binary(true).emit("binary", obj);

// without binary data
socket.binary(false).emit("string", obj);

// call to hasBin
socket.emit("guess", obj);
```
2018-02-28 23:00:16 +01:00
Damien Arrachequesne
0539a2c4fd [test] Update travis configuration 2018-02-28 22:56:28 +01:00
Devlin Pajaron
c06ac071d0 [docs] Fix typo (#3157) 2018-02-25 09:26:24 +01:00
Damien Arrachequesne
52b09609db [chore] Bump debug to version 3.1.0 2018-02-25 09:22:40 +01:00
Damien Arrachequesne
1c108a35e4 [chore] Release 2.0.4 2.0.4 2017-10-22 15:16:29 +02:00
Thiago Santos
f333479080 [test] Use npm scripts instead of gulp (#3078) 2017-10-16 07:46:42 +02:00
Carson McKinstry
3f611654f2 [docs] Fix a grammar mistake in the API docs (#3076) 2017-10-07 15:08:14 +02:00
Vyacheslav Aristov
e26b71c78e [docs] Fix typo in API docs (#3066) 2017-10-07 14:36:02 +02:00
Haku
3386e155a8 [docs] Actually prevent input from having injected markup in chat example (#2987) 2017-08-27 08:40:26 +02:00
Stanley288
3684d590f5 [docs] Use path.join instead of concatenating paths (#3014) 2017-08-26 07:44:25 +02:00
Damien Arrachequesne
dd69abbeee [fix] Reset rooms object before broadcasting from namespace (#3039) 2017-08-26 07:36:26 +02:00
Damien Arrachequesne
1f0e64a6da [fix] Do not throw when receiving an unhandled error packet (#3038) 2017-08-26 07:35:57 +02:00
Gabriel Hautclocq
9d170a75d0 [docs] Add io.emit in the cheat sheet (#2992) 2017-07-01 07:57:34 +02:00
Nicolas Coden
7199d1b6ef [docs] Fix misnamed 'Object.keys' in API docs (#2979) 2017-06-19 12:16:26 +02:00
Damien Arrachequesne
bf7afb14cb [docs] Update Webpack server example (#2976) 2017-06-15 23:40:43 +02:00