Skip to content

fix(server): stricter headers security check #2092

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 3, 2019
Merged

fix(server): stricter headers security check #2092

merged 2 commits into from
Jul 3, 2019

Conversation

knagaitsev
Copy link
Collaborator

  • This is a bugfix
  • This is a feature
  • This is a code refactor
  • This is a test update
  • This is a docs update
  • This is a metadata update

For Bugs and Features; did you add new tests?

Yes

Motivation / Use-Case

Headers security check for connecting clients should not allow a connection without headers: #2077

Breaking Changes

Changes the socket server implementation requirements such that headers must be passed to onConnection callback.

Additional Info

@codecov
Copy link

codecov bot commented Jul 2, 2019
edited
Loading

Codecov Report

Merging #2092 into master will increase coverage by <.01%.
The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #2092      +/-   ##
==========================================
+ Coverage   94.45%   94.46%   +<.01%     
==========================================
  Files          32       32              
  Lines        1208     1210       +2     
  Branches      333      334       +1     
==========================================
+ Hits         1141     1143       +2     
  Misses         65       65              
  Partials        2        2
Impacted Files Coverage Δ
lib/servers/WebsocketServer.js 94.11% <ø> (ø) ⬆️
lib/servers/SockJSServer.js 96.66% <ø> (ø) ⬆️
lib/Server.js 96.93% <100%> (+0.01%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 56274e4...e336915. Read the comment docs.

alexander-akait
alexander-akait approved these changes Jul 2, 2019
View reviewed changes
Copy link
Member

@alexander-akait alexander-akait left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for clarify and good job!

@hiroppy hiroppy merged commit 078ddca into webpack:master Jul 3, 2019
knagaitsev added a commit to knagaitsev/webpack-dev-server that referenced this pull request Jul 31, 2019
@knagaitsev
fix(server): stricter headers security check (webpack#2092)
7f0b499 
* fix(server): stricter headers security check

* fix(server): changed comments explaining how server impl works
@knagaitsev knagaitsev added gsoc Google Summer of Code scope: ws(s) labels Aug 13, 2019
@snyk-bot snyk-bot mentioned this pull request Aug 30, 2019
Closed
@snyk-bot snyk-bot mentioned this pull request Nov 1, 2019
Open
This was referenced Dec 14, 2019
Open
Open
This was referenced Feb 22, 2020
Open
Open
@snyk-bot snyk-bot mentioned this pull request Mar 5, 2020
Open
@vpetersson vpetersson mentioned this pull request Mar 6, 2020
Closed
This was referenced Mar 13, 2020
Open
Closed
Open
@snyk-bot snyk-bot mentioned this pull request Mar 21, 2020
Closed
@snyk-bot snyk-bot mentioned this pull request Apr 4, 2020
Merged
This was referenced May 5, 2020
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hiroppy hiroppy hiroppy approved these changes

@alexander-akait alexander-akait alexander-akait approved these changes

Assignees
No one assigned
Labels
gsoc Google Summer of Code scope: ws(s)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@knagaitsev @hiroppy @alexander-akait