Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 5 commits
- 9 files changed
- 2 contributors
Commits on Jan 4, 2021
-
Due to the recent changes to the Travis CI platform (see [1]), we will now use GitHub Actions to run the tests. Reference: https://docs.github.com/en/free-pro-team@latest/actions/guides/building-and-testing-nodejs [1]: https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing
-
-
fix: properly overwrite the query sent in the handshake
The `query` option of the Manager had the priority over the one of the Socket instance, which meant updating the Socket#query object on the client-side was not reflected in the Socket#handshake object on the server-side. Please note that the behavior of the `query` option is still a bit weird in Socket.IO v2, as it only applies to non-default namespace. This is fixed in v3: - https://socket.io/docs/v3/migrating-from-2-x-to-3-0/#Add-a-clear-distinction-between-the-Manager-query-option-and-the-Socket-query-option - https://socket.io/docs/v3/middlewares/#Sending-credentials Fixes #3495
-
fix(security): do not allow all origins by default
BREAKING CHANGE: previously, all origins were allowed by default, which meant that a Socket.IO server sent the necessary CORS headers (`Access-Control-Allow-xxx`) to any domain by default. Please note that you are not impacted if: - you are using Socket.IO v2 and the `origins` option to restrict the list of allowed domains - you are using Socket.IO v3 (disabled by default) This commit also removes the support for '*' matchers and protocol-less URL: ``` io.origins('https://example.com:443'); => io.origins(['https://example.com']); io.origins('localhost:3000'); => io.origins(['http://localhost:3000']); io.origins('http://localhost:*'); => io.origins(['http://localhost:3000']); io.origins('*:3000'); => io.origins(['http://localhost:3000']); ``` To restore the previous behavior (please use with caution): ```js io.origins((_, callback) => { callback(null, true); }); ``` See also: - https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS - https://socket.io/docs/v3/handling-cors/ - https://socket.io/docs/v3/migrating-from-2-x-to-3-0/#CORS-handling Thanks a lot to https://github.com/ni8walk3r for the security report.
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff 2.3.0...2.4.0