mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actioncable/test
Matthew Draper dae4044734 Permit same-origin connections by default
WebSocket always defers the decision to the server, because it didn't
have to deal with legacy compatibility... but the same-origin policy is
still a reasonable default.

Origin checks do not protect against a directly connecting attacker --
they can lie about their host, but can also lie about their origin.
Origin checks protect against a connection from 3rd-party controlled
script in a context where a victim browser's cookies will be passed
along. And if an attacker has breached that protection, they've already
compromised the HTTP session, so treating the WebSocket connection in
the same way seems reasonable.

In case this logic proves incorrect (or anyone just wants to be more
paranoid), we retain a config option to disable it.
2016-10-11 12:51:10 +10:30
channel Add Channel#ensure_confirmation_sent; call #subscribe_to_channel after initializing 2016-09-22 20:25:09 +03:00
connection Permit same-origin connections by default 2016-10-11 12:51:10 +10:30
javascript Add helper for testing against a mock WebSocket and server 2016-05-31 13:06:11 -04:00
server Add tests for Server::Base#restart 2016-10-02 09:02:01 -04:00
stubs In-line the configuration points that only existed for Faye support 2016-10-01 15:36:26 +09:30
subscription_adapter Don't shut down adapters that haven't been set 2016-10-04 06:40:38 +10:30
client_test.rb Use a branch of websocket-client-simple, to work around read/close race 2016-10-06 12:51:26 +10:30
test_helper.rb Remove Faye mode 2016-10-01 15:35:59 +09:30
worker_test.rb applies new string literal convention in actioncable/test 2016-08-06 19:15:15 +02:00