fix: Allow all origins with credentials

2022-07-01 17:54:50 +05:30 · 2022-07-01 17:54:50 +05:30 · 2ea0b58873
commit 2ea0b58873
parent 05f416e448
2 changed files with 25 additions and 9 deletions
--- a/frappe/public/js/frappe/socketio_client.js
+++ b/frappe/public/js/frappe/socketio_client.js
@ -12,15 +12,29 @@ frappe.socketio = {
 			return;
 		}

-		//Enable secure option when using HTTPS
+		// Enable secure option when using HTTPS
 		if (window.location.protocol == "https:") {
-			frappe.socketio.socket = io.connect(frappe.socketio.get_host(port), {secure: true});
-		}
-		else if (window.location.protocol == "http:") {
-			frappe.socketio.socket = io.connect(frappe.socketio.get_host(port));
-		}
-		else if (window.location.protocol == "file:") {
-			frappe.socketio.socket = io.connect(window.localStorage.server);
+			frappe.socketio.socket = io.connect(
+				frappe.socketio.get_host(port),
+				{
+					secure: true,
+					withCredentials: true,
+				}
+			);
+		} else if (window.location.protocol == "http:") {
+			frappe.socketio.socket = io.connect(
+				frappe.socketio.get_host(port),
+				{
+					withCredentials: true,
+				}
+			);
+		} else if (window.location.protocol == "file:") {
+			frappe.socketio.socket = io.connect(
+				window.localStorage.server,
+				{
+					withCredentials: true,
+				}
+			);
 		}

 		if (!frappe.socketio.socket) {
--- a/socketio.js
+++ b/socketio.js
@ -8,7 +8,9 @@ const subscriber = get_redis_subscriber();

 const io = require('socket.io')(conf.socketio_port, {
 	cors: {
-		origin: "*", // we are checking for hostnames before registering a socket
+		// Should be fine since we are ensuring whether hostname and origin are same before adding setting listeners for s socket
+		origin: true,
+		credentials: true
 	}
 });