Merge pull request #12 from overleaf/td-origins-setting

Extend origins option to allow a function

Author: timdown

History.md

@@ -1,3 +1,10 @@
+0.9.19-overleaf-11 / 2025-01-24
+===============================
+
+* Overleaf: Extend origins option to allow a function
+* Overleaf: Remove htmlfile transport
+* Overleaf: Remove flashsocket transport
+
 0.9.19-overleaf-10 / 2023-04-25
 ===============================
 

Readme.md

@@ -329,7 +329,7 @@ Configuration in socket.io is TJ-style:
 var io = require('socket.io').listen(80);
 
 io.configure(function () {
-  io.set('transports', ['websocket', 'flashsocket', 'xhr-polling']);
+  io.set('transports', ['websocket', 'xhr-polling']);
 });
 
 io.configure('development', function () {

lib/manager.js

@@ -34,7 +34,6 @@ exports = module.exports = Manager;
 
 var defaultTransports = exports.defaultTransports = [
     'websocket'
-  , 'htmlfile'
   , 'xhr-polling'
   , 'jsonp-polling'
 ];
@@ -76,8 +75,6 @@ function Manager (server, options) {
     , 'heartbeat interval': 25
     , 'heartbeat timeout': 60
     , 'polling duration': 20
-    , 'flash policy server': true
-    , 'flash policy port': 10843
     , 'destroy upgrade': true
     , 'destroy buffer size': 10E7
     , 'browser client': true
@@ -159,7 +156,7 @@ function Manager (server, options) {
   });
 
   this.sequenceNumber = Date.now() | 0;
- 
+
   this.log.info('socket.io started');
 };
 
@@ -873,30 +870,30 @@ Manager.prototype.handshakeData = function (data, connection) {
   };
 };
 
-/**
- * Verifies the origin of a request.
- *
- * @api private
- */
-
-Manager.prototype.verifyOrigin = function (request) {
-  var origin = request.headers.origin || request.headers.referer
-    , origins = this.get('origins');
+Manager.prototype.isOriginAllowed = function (origin, request) {
+  var origins = this.get('origins');
 
   if (origin === 'null') origin = '*';
 
-  if (origins.indexOf('*:*') !== -1) {
+  var originsIsFunction = typeof origins === 'function';
+
+  if (!originsIsFunction && origins.indexOf('*:*') !== -1) {
     return true;
   }
 
   if (origin) {
     try {
-      var parts = url.parse(origin);
-      parts.port = parts.port || 80;
-      var ok =
-        ~origins.indexOf(parts.hostname + ':' + parts.port) ||
-        ~origins.indexOf(parts.hostname + ':*') ||
-        ~origins.indexOf('*:' + parts.port);
+      var ok = false;
+      if (originsIsFunction) {
+        ok = origins(origin, request);
+      } else {
+        var parts = url.parse(origin);
+        parts.port = parts.port || 80;
+        ok =
+            ~origins.indexOf(parts.hostname + ':' + parts.port) ||
+            ~origins.indexOf(parts.hostname + ':*') ||
+            ~origins.indexOf('*:' + parts.port);
+      }
       if (!ok) this.log.warn('illegal origin: ' + origin);
       return ok;
     } catch (ex) {
@@ -909,6 +906,21 @@ Manager.prototype.verifyOrigin = function (request) {
   return false;
 };
 
+/**
+ * Verifies the origin of a request.
+ *
+ * @api private
+ */
+
+Manager.prototype.verifyOrigin = function (request) {
+  var origin = request.headers.origin || request.headers.referer;
+  var allowed = this.isOriginAllowed(origin, request);
+  if (!origin && !allowed) {
+    this.log.warn('origin missing from handshake, yet required by config', { headers: request.headers });
+  }
+  return allowed;
+};
+
 /**
  * Handles an incoming packet.
  *

lib/transports/flashsocket.js

@@ -5,8 +5,6 @@
 
 module.exports = {
     websocket: require('./websocket')
-  , flashsocket: require('./flashsocket')
-  , htmlfile: require('./htmlfile')
   , 'xhr-polling': require('./xhr-polling')
   , 'jsonp-polling': require('./jsonp-polling')
 };