socketio/socket.io
socketio/socket.io
Activity
Last release
Open issues
Open PRs
License
release notes
release notes
Published 1/7/2021
PatchContains breaking changesThis release reverts the breaking change introduced in 2.4.0 (https://github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7).
If you are using Socket.IO v2, you should explicitly allow/disallow cross-origin requests:
const io = require("socket.io")(httpServer, {
allowRequest: (req, callback) => {
callback(null, req.headers.origin === undefined); // cross-origin requests will not be allowed
}
});
io.origins(["http://localhost:3000"]); // for local development
io.origins(["https://example.com"]);
In any case, please consider upgrading to Socket.IO v3, where this security issue is now fixed (CORS is disabled by default).
~3.5.0~7.4.2release notes
Published 1/7/2021
PatchContains breaking changesThis release reverts the breaking change introduced in 2.4.0 (https://github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7).
If you are using Socket.IO v2, you should explicitly allow/disallow cross-origin requests:
const io = require("socket.io")(httpServer, {
allowRequest: (req, callback) => {
callback(null, req.headers.origin === undefined); // cross-origin requests will not be allowed
}
});
io.origins(["http://localhost:3000"]); // for local development
io.origins(["https://example.com"]);
In any case, please consider upgrading to Socket.IO v3, where this security issue is now fixed (CORS is disabled by default).
~3.5.0~7.4.2Realtime application framework (Node.JS server)