You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
WebSocket Upload Transport for Improved Performance in Proxied Environments
✨ Features
server: Added a WebSocket upload transport at /api/upload/ws that streams the encrypted payload over a single persistent connection, eliminating the HTTP/2 multiplexing bottleneck that reverse proxies (Traefik, Nginx) impose on parallel chunk uploads
server: Added FILE_UPLOAD_WS environment variable (default: true) to enable or disable the WebSocket upload transport
server: Added FILE_UPLOAD_WS_MAX_BUFFER environment variable (default: 16MB) to cap the per-session server receive buffer for WebSocket uploads
web: Upload worker now uses the WebSocket transport as the primary upload path and automatically falls back to the existing HTTP chunked upload when the handshake fails, is blocked, or times out (10 s)
🔒 Security
server: Added Origin header validation on WebSocket upgrade requests to prevent cross-site WebSocket hijacking (defence-in-depth, not exploitable due to token requirements)
📝 Documentation
docs: Added FILE_UPLOAD_WS and FILE_UPLOAD_WS_MAX_BUFFER to the user-guide environment variables page and the developer-guide environment reference
docs: Documented the WebSocket upload protocol in the upload API reference, including message shapes, close codes, and client fallback triggers
docs: Added Nginx and Traefik configuration snippets for the WebSocket upload transport in the reverse-proxy guide
docs: Updated developer-guide architecture to document both WebSocket (primary) and HTTP chunked (fallback) upload transports with flow diagrams
