add localhost specification for IPV6 without square brackets
Summary: Socket.io-client sends the host as ::1 instead of [::1] when using IPV6 to communicate with Flipper, that is the reason the communication was always being refused. Reviewed By: mweststrate Differential Revision: D34679825 fbshipit-source-id: b7431ad23f743276c11619d7cdb5c83594dee43a
This commit is contained in:
Andres Orozco Gonzalez
committed by
Facebook GitHub Bot
Facebook GitHub Bot
parent
70eab186aa
commit
5b6000b424
@@ -64,14 +64,18 @@ function startAssetServer(
|
|||||||
function addWebsocket(server: http.Server, config: Config) {
|
function addWebsocket(server: http.Server, config: Config) {
|
||||||
const localhostIPV4 = `localhost:${config.port}`;
|
const localhostIPV4 = `localhost:${config.port}`;
|
||||||
const localhostIPV6 = `[::1]:${config.port}`;
|
const localhostIPV6 = `[::1]:${config.port}`;
|
||||||
|
const localhostIPV6NoBrackets = `::1:${config.port}`;
|
||||||
|
|
||||||
|
const possibleHosts = [localhostIPV4, localhostIPV6, localhostIPV6NoBrackets];
|
||||||
|
|
||||||
const io = new socketio.Server(server, {
|
const io = new socketio.Server(server, {
|
||||||
maxHttpBufferSize: WEBSOCKET_MAX_MESSAGE_SIZE,
|
maxHttpBufferSize: WEBSOCKET_MAX_MESSAGE_SIZE,
|
||||||
allowRequest(req, callback) {
|
allowRequest(req, callback) {
|
||||||
const noOriginHeader = req.headers.origin === undefined;
|
const noOriginHeader = req.headers.origin === undefined;
|
||||||
if (
|
if (
|
||||||
noOriginHeader &&
|
noOriginHeader &&
|
||||||
(req.headers.host === localhostIPV4 ||
|
req.headers.host &&
|
||||||
req.headers.host === localhostIPV6)
|
possibleHosts.includes(req.headers.host)
|
||||||
) {
|
) {
|
||||||
// no origin header? Either the request is not cross-origin,
|
// no origin header? Either the request is not cross-origin,
|
||||||
// or the request is not originating from a browser, so should be OK to pass through
|
// or the request is not originating from a browser, so should be OK to pass through
|
||||||
@@ -84,7 +88,11 @@ function addWebsocket(server: http.Server, config: Config) {
|
|||||||
// directly from intern. But before that, we should either authenticate the request somehow,
|
// directly from intern. But before that, we should either authenticate the request somehow,
|
||||||
// and discuss security impact and for example scope the files that can be read by Flipper.
|
// and discuss security impact and for example scope the files that can be read by Flipper.
|
||||||
console.warn(
|
console.warn(
|
||||||
`Refused sockect connection from cross domain request, origin: ${req.headers.origin}, host: ${req.headers.host}. Expected: ${localhostIPV4} or ${localhostIPV6}`,
|
`Refused sockect connection from cross domain request, origin: ${
|
||||||
|
req.headers.origin
|
||||||
|
}, host: ${req.headers.host}. Expected: ${possibleHosts.join(
|
||||||
|
' or ',
|
||||||
|
)}`,
|
||||||
);
|
);
|
||||||
callback(null, false);
|
callback(null, false);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user