Skip to content

Assume port 443 instead of 80 for https origins.#35

Merged
jondubois merged 1 commit into
SocketCluster:masterfrom
maxwellhaydn:get-port-from-scheme-in-origin-check
Jan 24, 2019
Merged

Assume port 443 instead of 80 for https origins.#35
jondubois merged 1 commit into
SocketCluster:masterfrom
maxwellhaydn:get-port-from-scheme-in-origin-check

Conversation

@maxwellhaydn

Copy link
Copy Markdown

You can enable checking of the Origin header using the origins option to new SocketCluster, e.g.

origins: [ 'www.example.com:443' ]

However, this fails if the Origin header scheme is https and the header contains no port, e.g.

Origin: https://www.example.com

The check fails because if the header contains no port, the port defaults to 80, regardless of the scheme. This pull request changes the check to assume port 443 if the Origin header contains no port and the schema is https; otherwise, continue to assume port 80.

The Origin check was assuming that an Origin header with no port
number means port 80, even if the scheme is https. Instead, if the
Origin header doesn't contain a port, assume port 443 if the scheme is
https and port 80 otherwise.
@jondubois jondubois merged commit 3551279 into SocketCluster:master Jan 24, 2019
@jondubois

Copy link
Copy Markdown
Member

Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants