ux: Better ux for if cookies are disabled or not available.

John McLear 2020-06-01 20:17:48 +01:00 committed by GitHub
parent a4713a8308
commit 0d51e71578
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 30 additions and 23 deletions


@ -47,25 +47,35 @@ exports.expressCreateServer = function (hook_name, args, cb) {
io.use(function(socket, accept) {
var data = socket.request;
// Use a setting if we want to allow load Testing
if(!data.headers.cookie && settings.loadTest){
// Sometimes browsers might not have cookies at all, for example Safari in iFrames Cross domain
// https://github.com/ether/etherpad-lite/issues/4031
// if requireSession is false we can allow them to still get on the pad.
// Note that this does make security less tight because any socketIO connection can be established without
// any logic on the client to do any handshaking.. I am not concerned about this though, the real solution
// here is to implement rateLimiting on SocketIO ACCEPT_COMMIT messages.
if(!data.headers.cookie && (settings.loadTest || !settings.requireSession)){
accept(null, true);
}else{
if (!data.headers.cookie) return accept('No session cookie transmitted.', false);
}
cookieParserFn(data, {}, function(err){
if(err) {
console.error(err);
accept("Couldn't parse request cookies. ", false);
return;
}
if(data.headers.cookie){
cookieParserFn(data, {}, function(err){
if(err) {
console.error(err);
accept("Couldn't parse request cookies. ", false);
return;
}
data.sessionID = data.signedCookies.express_sid;
args.app.sessionStore.get(data.sessionID, function (err, session) {
if (err || !session) return accept('Bad session / session has expired', false);
data.session = new sessionModule.Session(data, session);
accept(null, true);
data.sessionID = data.signedCookies.express_sid;
args.app.sessionStore.get(data.sessionID, function (err, session) {
if (err || !session) return accept('Bad session / session has expired', false);
data.session = new sessionModule.Session(data, session);
accept(null, true);
});
});
});
}
});
// var socketIOLogger = log4js.getLogger("socket.io");
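Review bot: The no-cookie branch at `accept(null, true)` admits the socket with `data.session` never set, but a request that sends a Cookie header without a valid `express_sid` still reaches `sessionStore.get` and is rejected with 'Bad session / session has expired', even when `requireSession` is false. The relaxed path therefore depends on whether the header is absent, not only on the setting. Every later handler that reads `socket.request.session` has to treat an undefined session as unauthenticated; those handlers are outside this hunk, so that should be confirmed. I would state the contract at the branch, for example `// No Cookie header: accepted without a session; data.session stays undefined and must be treated as unauthenticated.`, and decide explicitly whether a present-but-invalid cookie should get the same treatment when `requireSession` is false. The leftover comment `// Use a setting if we want to allow load Testing` no longer describes the condition that follows it, and `expressCreateServer` itself starts and ends outside the hunk.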