From 2ea0b588731a4d7b8b8c2a01b3d792a38b872e06 Mon Sep 17 00:00:00 2001
From: Suraj Shetty
Date: Fri, 1 Jul 2022 17:54:50 +0530
Subject: [PATCH] fix: Allow all origins with credentials
---
 frappe/public/js/frappe/socketio_client.js | 30 ++++++++++++++++------
 socketio.js | 4 ++-
 2 files changed, 25 insertions(+), 9 deletions(-)
diff --git a/frappe/public/js/frappe/socketio_client.js b/frappe/public/js/frappe/socketio_client.js
index ce9100e206..4f825379c0 100644
--- a/frappe/public/js/frappe/socketio_client.js
+++ b/frappe/public/js/frappe/socketio_client.js
@@ -12,15 +12,29 @@ frappe.socketio = {
 return;
 }
- //Enable secure option when using HTTPS
+ // Enable secure option when using HTTPS
 if (window.location.protocol == "https:") {
- frappe.socketio.socket = io.connect(frappe.socketio.get_host(port), {secure: true});
- }
- else if (window.location.protocol == "http:") {
- frappe.socketio.socket = io.connect(frappe.socketio.get_host(port));
- }
- else if (window.location.protocol == "file:") {
- frappe.socketio.socket = io.connect(window.localStorage.server);
+ frappe.socketio.socket = io.connect(
+ frappe.socketio.get_host(port),
+ {
+ secure: true,
+ withCredentials: true,
+ }
+ );
+ } else if (window.location.protocol == "http:") {
+ frappe.socketio.socket = io.connect(
+ frappe.socketio.get_host(port),
+ {
+ withCredentials: true,
+ }
+ );
+ } else if (window.location.protocol == "file:") {
+ frappe.socketio.socket = io.connect(
+ window.localStorage.server,
+ {
+ withCredentials: true,
+ }
+ );
 }
 if (!frappe.socketio.socket) {
diff --git a/socketio.js b/socketio.js
index 8e6b16397e..d393d7145b 100644
--- a/socketio.js
+++ b/socketio.js
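Review bot: The rewritten block in frappe/public/js/frappe/socketio_client.js repeats the same `io.connect(...)` call three times with `withCredentials: true` copied into each options object, so a later change to the credential setting has to be made in three places. Building the options once, `const opts = { withCredentials: true };` with `opts.secure = true` added only for `https:`, and choosing the host separately would leave a single call site; the protocol tests could also use `===`. The `file:` branch takes its URL from `window.localStorage.server`, which is not validated in this hunk, so it is worth confirming where that key is written now that credentialed requests are sent to it. The enclosing function begins and ends outside the hunk.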
@@ -8,7 +8,9 @@ const subscriber = get_redis_subscriber();
 const io = require('socket.io')(conf.socketio_port, {
 cors: {
- origin: "*", // we are checking for hostnames before registering a socket
+ // Should be fine since we are ensuring whether hostname and origin are same before adding setting listeners for s socket
+ origin: true,
+ credentials: true
 }
 });
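Review bot: `origin: true` combined with `credentials: true` tells the CORS layer to reflect whatever `Origin` a request presents and to allow credentials for it, so CORS itself no longer limits which sites can open a credentialed connection to this server. The new comment relies on a hostname/origin comparison made before listeners are registered; that check is not in this hunk and should be confirmed to run for every connection before any event handler is attached. If the set of site hosts is known at startup, an explicit allowlist is the safer default, e.g. `origin: (origin, cb) => cb(null, ALLOWED_ORIGINS.includes(origin)),` where `ALLOWED_ORIGINS` is a placeholder for the configured hosts. The comment itself would read better as `// Origin is reflected; hostname and origin are compared before listeners are added to a socket`.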