fix: Allow all origins with credentials

frappe/public/js/frappe/socketio_client.js

@@ -12,15 +12,29 @@ frappe.socketio = {
 			return;
 		}
 
-		//Enable secure option when using HTTPS
+		// Enable secure option when using HTTPS
 		if (window.location.protocol == "https:") {
-			frappe.socketio.socket = io.connect(frappe.socketio.get_host(port), {secure: true});
-		}
-		else if (window.location.protocol == "http:") {
-			frappe.socketio.socket = io.connect(frappe.socketio.get_host(port));
-		}
-		else if (window.location.protocol == "file:") {
-			frappe.socketio.socket = io.connect(window.localStorage.server);
+			frappe.socketio.socket = io.connect(
+				frappe.socketio.get_host(port),
+				{
+					secure: true,
+					withCredentials: true,
+				}
+			);
+		} else if (window.location.protocol == "http:") {
+			frappe.socketio.socket = io.connect(
+				frappe.socketio.get_host(port),
+				{
+					withCredentials: true,
+				}
+			);
+		} else if (window.location.protocol == "file:") {
+			frappe.socketio.socket = io.connect(
+				window.localStorage.server,
+				{
+					withCredentials: true,
+				}
+			);
 		}
 
 		if (!frappe.socketio.socket) {

socketio.js

@@ -8,7 +8,9 @@ const subscriber = get_redis_subscriber();
 
 const io = require('socket.io')(conf.socketio_port, {
 	cors: {
-		origin: "*", // we are checking for hostnames before registering a socket
+		// Should be fine since we are ensuring whether hostname and origin are same before adding setting listeners for s socket
+		origin: true,
+		credentials: true
 	}
 });