Check origin header for websocket connection #1626
Conversation
|
|
|
@Timsly please sign 👆 |
|
Tests failed, need fix |
|
@hiroppy Done, signed |
|
Yep, expected, we can merge this and release, don't have access for computer right now |
|
That would be great |
|
rebuild https://ci.appveyor.com/project/sokra/webpack-dev-server @Timsly Could you rebase from master? |
|
@hiroppy I cannot rebase from |
|
Hm, in this case, I will cherry-pick them here |
|
@evilebottnawi I've ported both fixes, see f6c6af6 and ff8b19c |
|
@Timsly we don't have tests for |
|
@evilebottnawi I've tested current version and it works fine. |
|
@evilebottnawi is there a chance that this will be released as |
|
@Timsly today |
|
Thanks |
| // if hostHeader doesn't have scheme, add // for parsing. | ||
| /^(.+:)?\/\//.test(hostHeader) ? hostHeader : `//${hostHeader}`, | ||
| false, | ||
| true, |
5 participants
For Bugs and Features; did you add new tests?
No
Motivation / Use-Case
This is a port of #1603 fix but for v2 branch.
Basically, it addresses CVE vulnerability https://www.npmjs.com/advisories/725
I know that v2 is deprecated but it is not an easy task to upgrade this lib to v3 in rails apps, because some dependencies are still in release candidate state or even in beta.
Breaking Changes
Websocket is now checked for origin
Additional Info