Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fix #101 - verifying origin wasn't fully supported, remove the remains

  • Loading branch information...
commit d16856d20bae97214ded5466be3d0ac2314055bc 1 parent 2fdca8a
Marek majek authored
2  src/chunking-test.coffee
View
@@ -33,7 +33,7 @@ exports.app =
info: (req, res, _) ->
info = {
websocket: @options.websocket,
- origins: @options.origins,
+ origins: ['*:*'],
cookie_needed: not not @options.jsessionid,
entropy: utils.random32(),
}
1  src/sockjs.coffee
View
@@ -132,7 +132,6 @@ class Server extends events.EventEmitter
@options =
prefix: ''
response_limit: 128*1024
- origins: ['*:*']
websocket: true
jsessionid: false
heartbeat_delay: 25000
6 src/trans-websocket.coffee
View
@@ -25,12 +25,6 @@ exports.app =
status: 400
message: '"Connection" must be "Upgrade".'
}
- origin = req.headers.origin
- if not utils.verify_origin(origin, @options.origins)
- throw {
- status: 400
- message: 'Unverified origin.'
- }
sockjs_websocket: (req, connection, head) ->
@_websocket_check(req, connection, head)
18 src/utils.coffee
View
@@ -17,24 +17,6 @@ exports.array_intersection = array_intersection = (arr_a, arr_b) ->
r.push(a)
return r
-# exports.array_contains = (arr, element) ->
-# return (arr.indexOf(element) !== -1)
-
-exports.verify_origin = (origin, list_of_origins) ->
- if list_of_origins.indexOf('*:*') isnt -1
- return true
- if not origin
- return false
- try
- parts = url.parse(origin)
- origins = [parts.host + ':' + parts.port,
- parts.host + ':*',
- '*:' + parts.port]
- if array_intersection(origins, list_of_origins).length > 0
- return true
- catch x
- return false
-
exports.escape_selected = (str, chars) ->
map = {}
chars = '%'+chars
Please sign in to comment.
Something went wrong with that request. Please try again.