Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 13 commits
- 12 files changed
- 5 contributors
Commits on Mar 15, 2019
-
[chore] Update the license of the chat example (#3410)
There was no obvious reason to use BSD instead of MIT for that very basic chat app. Closes #3411
Commits on Sep 20, 2019
-
-
[docs] Fix the default value of the 'origins' parameter (#3464)
Fix documentation about default origins value. The default should read `*:*` instead of `*
-
-
Commits on Jan 4, 2021
-
Due to the recent changes to the Travis CI platform (see [1]), we will now use GitHub Actions to run the tests. Reference: https://docs.github.com/en/free-pro-team@latest/actions/guides/building-and-testing-nodejs [1]: https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing
-
-
fix: properly overwrite the query sent in the handshake
The `query` option of the Manager had the priority over the one of the Socket instance, which meant updating the Socket#query object on the client-side was not reflected in the Socket#handshake object on the server-side. Please note that the behavior of the `query` option is still a bit weird in Socket.IO v2, as it only applies to non-default namespace. This is fixed in v3: - https://socket.io/docs/v3/migrating-from-2-x-to-3-0/#Add-a-clear-distinction-between-the-Manager-query-option-and-the-Socket-query-option - https://socket.io/docs/v3/middlewares/#Sending-credentials Fixes #3495
-
fix(security): do not allow all origins by default
BREAKING CHANGE: previously, all origins were allowed by default, which meant that a Socket.IO server sent the necessary CORS headers (`Access-Control-Allow-xxx`) to any domain by default. Please note that you are not impacted if: - you are using Socket.IO v2 and the `origins` option to restrict the list of allowed domains - you are using Socket.IO v3 (disabled by default) This commit also removes the support for '*' matchers and protocol-less URL: ``` io.origins('https://example.com:443'); => io.origins(['https://example.com']); io.origins('localhost:3000'); => io.origins(['http://localhost:3000']); io.origins('http://localhost:*'); => io.origins(['http://localhost:3000']); io.origins('*:3000'); => io.origins(['http://localhost:3000']); ``` To restore the previous behavior (please use with caution): ```js io.origins((_, callback) => { callback(null, true); }); ``` See also: - https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS - https://socket.io/docs/v3/handling-cors/ - https://socket.io/docs/v3/migrating-from-2-x-to-3-0/#CORS-handling Thanks a lot to https://github.com/ni8walk3r for the security report.
Commits on Jan 7, 2021
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff 2.2.0...2.4.1