etherpad-lite/src
muxator a51684b022 security: stop setting the "io" cookie
The "io" cookie is created by socket.io, and its purpose is to offer a handle
to perform load balancing with session stickiness when the library falls back to
long polling or below.

In Etherpad's case, if an operator needs to load balance, he can use the
"express_sid" cookie, and thus "io" is of no use.

Moreover, the socket.io API does not offer a way of setting the "secure" flag on it,
and thus is a liability.

Let's simply nuke it.

References:
  https://socket.io/docs/using-multiple-nodes/#Sticky-load-balancing
  https://github.com/socketio/socket.io/issues/2276#issuecomment-147184662 (not totally true, actually, see above)
2019-12-07 04:20:12 +01:00
locales Localisation updates from https://translatewiki.net. 2019-11-18 18:11:48 +01:00
node security: stop setting the "io" cookie 2019-12-07 04:20:12 +01:00
static referer: change referrer policy. Stop sending referers as much as possible 2019-11-25 00:05:40 +01:00
templates pad.html: fix regression introduced with 5879037ddc. 2019-11-30 20:32:39 +01:00
ep.json Initial work on swagger 2013-03-06 10:10:21 +00:00
etherpad_icon.svg Add new favicon (32x32) with associated svg file 2015-01-11 22:40:56 +01:00
package-lock.json dependencies: upgrade npm 6.12.1 -> 6.13.1 2019-11-25 02:04:39 +01:00
package.json dependencies: upgrade npm 6.12.1 -> 6.13.1 2019-11-25 02:04:39 +01:00
README.md remove one less warning during install by having a readme placeholder 2013-02-10 03:04:08 +00:00
web.config Add IIS config file 2012-10-25 10:22:28 -07:00

Ignore this file and see the file in the base installation folder