aboutsummaryrefslogtreecommitdiffstats
path: root/actioncable/lib/action_cable/connection/base.rb
Commit message (Collapse)AuthorAgeFilesLines
* Rails 6 requires Ruby 2.3+Jeremy Daer2018-02-171-4/+1
|
* [ci skip] Prefer cookies.encrypted over signed (#30129)Claudio B2017-08-071-1/+1
| | | | | | | | | | | | | | | | In some examples and guides we are recommending to use code like: ```ruby verified_user = User.find_by(id: cookies.signed[:user_id]) ``` My suggestion is to use instead: ```ruby verified_user = User.find_by(id: cookies.encrypted[:user_id]) ``` which invites users to prefer the "newer" encrypted cookies over the "legacy" signed cookies.
* Use frozen string literal in actioncable/Kir Shatrov2017-07-231-0/+2
|
* Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"Matthew Draper2017-07-021-1/+0
| | | | | This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
* Enforce frozen string in RubocopKir Shatrov2017-07-011-0/+1
|
* Log any errors originating from the socketedwardmp2017-04-161-1/+2
|
* Privatize unneededly protected methods in Action CableAkira Matsuda2016-12-241-7/+7
|
* Describe what we are protectingAkira Matsuda2016-12-231-0/+2
|
* ActionCable::Connection::Base doc code sample syntax errorMSP-Greg2016-12-061-4/+1
|
* Permit same-origin connections by defaultMatthew Draper2016-10-111-2/+2
| | | | | | | | | | | | | | | | | WebSocket always defers the decision to the server, because it didn't have to deal with legacy compatibility... but the same-origin policy is still a reasonable default. Origin checks do not protect against a directly connecting attacker -- they can lie about their host, but can also lie about their origin. Origin checks protect against a connection from 3rd-party controlled script in a context where a victim browser's cookies will be passed along. And if an attacker has breached that protection, they've already compromised the HTTP session, so treating the WebSocket connection in the same way seems reasonable. In case this logic proves incorrect (or anyone just wants to be more paranoid), we retain a config option to disable it.
* Merge pull request #26568 from skateman/cable-sameorigin-as-hostMatthew Draper2016-10-111-0/+3
|\ | | | | | | Optionally allow ActionCable requests from the same host as origin
| * Optionally allow ActionCable requests from the same host as originDávid Halász2016-09-211-0/+3
| | | | | | | | | | | | | | When the `allow_same_origin_as_host` is set to `true`, the request forgery protection permits `HTTP_ORIGIN` values starting with the corresponding `proto://` prefix followed by `HTTP_HOST`. This way it is not required to specify the list of allowed URLs.
* | In-line the configuration points that only existed for Faye supportMatthew Draper2016-10-011-1/+1
|/
* [ci skip] Fix formatting in Action Cable Connection::Base module docsPrathamesh Sonpatki2016-09-071-1/+1
|
* applies new string literal convention in actioncable/libXavier Noria2016-08-061-8/+8
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Pass over Action Cable docsJon Moss2016-05-211-1/+1
| | | | [ci skip]
* Fix typos in ActionCable Channel [ci skip]Tom Kadwill2016-04-181-1/+1
|
* Merge pull request #24224 from danielrhodes/actioncable-websocket-protocolsJeremy Daer2016-04-051-1/+2
|\ | | | | | | ActionCable protocol negotiation
| * Added protocol negotiationDaniel Rhodes2016-04-051-1/+2
| | | | | | | | | | | | | | | | | | This is primarily for backwards compatibility for when or if the protocol is changed in future versions. If the server fails to respond with an acceptable protocol, the client disconnects and disables the monitor.
* | Cable message encodingJeremy Daer2016-03-311-14/+24
|/ | | | | | | | | | | | | | | | | | | * Introduce a connection coder responsible for encoding Cable messages as WebSocket messages, defaulting to `ActiveSupport::JSON` and duck- typing to any object responding to `#encode` and `#decode`. * Consolidate encoding responsibility to the connection. No longer explicitly JSON-encode from channels or other sources. Pass Cable messages as Hashes to `#transmit` and rely on it to encode. * Introduce stream encoders responsible for decoding pubsub messages. Preserve the currently raw encoding, but make it easy to use JSON. Same duck type as the connection encoder. * Revert recent data normalization/quoting (#23649) which treated `identifier` and `data` values as nested JSON objects rather than as opaque JSON-encoded strings. That dealt us an awkward hand where we'd decode JSON strings… or not, but always encode as JSON. Embedding JSON object values directly is preferably, no extra JSON encoding, but that should be a purposeful protocol version change rather than ambiguously, inadvertently supporting multiple message formats.
* Merge pull request #23992 from matthewd/em-optionMatthew Draper2016-03-041-2/+2
|\ | | | | Support faye-websocket + EventMachine as an option
| * Support faye-websocket + EventMachine as an optionMatthew Draper2016-03-021-2/+2
| |
* | Merge pull request #23976 from danielrhodes/enhancement/ac-ping-to-message-typeMatthew Draper2016-03-021-5/+5
|\ \ | |/ |/| | | ActionCable: Add a "welcome" and "ping" message type
| * Make ping into a message typeDaniel Rhodes2016-03-011-1/+1
| | | | | | | | | | | | | | | | This change makes ping into a message type, which makes the whole protocol a lot more consistent. Also fixes hacks on the client side to make this all work.
| * Added welcome message type and fix test hacksDaniel Rhodes2016-03-011-4/+4
| |
* | Use AS::Executor / AS::Reloader to support reloading in ActionCableMatthew Draper2016-03-021-2/+3
|/
* Merge pull request #23813 from lifo/faye-websocketDavid Heinemeier Hansson2016-02-231-1/+8
|\ | | | | Improve Action Cable reconnection reliability
| * Confirm connection monitor subscription on openPratik Naik2016-02-231-1/+8
| |
* | Full Action Cable documentation read throughJon Moss2016-02-171-9/+9
|/ | | | | | | | | This PR checks all active Action Cable documentation for typos and other fixes. It aims to make sure that when Rails 5 is released, that the Action Cable docs are up to snuff with the other documentation included with Rails. [ci skip]
* Fix grammar `a` to `an` [ci skip]Ryuta Kamizono2016-02-131-1/+1
|
* Merge remote-tracking branch 'origin/master' into actioncable_loggingkp2016-02-101-1/+1
|\
| * Fix arguments to on_closeMatthew Draper2016-01-301-1/+1
| |
| * Revert "Revert "Eliminate the EventMachine dependency""Matthew Draper2016-01-301-12/+20
| |
| * Revert "Eliminate the EventMachine dependency"David Heinemeier Hansson2016-01-271-20/+12
| |
* | Logs successful and invalid connections separatelykp2016-02-101-8/+12
| |
* | adds debug logging to actioncable connectkp2016-01-261-2/+12
|/
* Import the relevant portions of faye-websocketMatthew Draper2016-01-241-12/+20
| | | | (as adapted to use concurrent-ruby / nio4r instead of eventmachine)
* Fix code review commentsJon Moss2016-01-181-1/+1
| | | | | | | - adapter -> pubsub (re)rename internally - Change variable names to match method names - Add EventMachine `~> 1.0` as a runtime dependency of ActionCable - Refactor dependency loading for adapters
* Pull the action methods directly onto the adapterMatthew Draper2016-01-181-1/+1
|
* Adapterize ActionCable storage and extract behaviorJon Moss2016-01-181-1/+1
|
* Revert "Merge pull request #22977 from rails/revert-22934-master"David Heinemeier Hansson2016-01-161-1/+1
| | | | | This reverts commit d0393fccffc118a5de37654aa222774b66123393, reversing changes made to 3b7ccadfc1c8dfec61af898167e1300b17f5cf25.
* Revert "Move async execution from celluloid to concurrent-ruby"David Heinemeier Hansson2016-01-081-1/+1
|
* Move async execution from celluloid to concurrent-rubyMike Perham2016-01-051-1/+1
| | | | | | | | | | | | | | This removes 8 runtime gem dependencies from Rails: ``` Using hitimes 1.2.3 Using timers 4.1.1 Using celluloid-essentials 0.20.5 Using celluloid-extras 0.20.5 Using celluloid-fsm 0.20.5 Using celluloid-pool 0.20.5 Using celluloid-supervision 0.20.5 Using celluloid 0.17.2 ```
* [ActionCable] remove not needed protected call and newlinesJan Habermann2015-12-251-8/+1
|
* Remove warnings from actioncableArun Agrawal2015-12-171-1/+3
| | | | Warnings coming from code and test are removed
* Get ready to merge into RailsDavid Heinemeier Hansson2015-12-141-0/+219