path: root/actioncable/lib/action_cable/connection
Commit message | Author | Age | Files | Lines
* Describe what we are protecting | Akira Matsuda | 2016-12-23 | 4 | -0/+8
|
* ActionCable::Connection::Base doc code sample syntax error | MSP-Greg | 2016-12-06 | 1 | -4/+1
|
* Permit same-origin connections by default | Matthew Draper | 2016-10-11 | 1 | -2/+2
|
|     WebSocket always defers the decision to the server, because it didn't have to deal with legacy compatibility... but the same-origin policy is still a reasonable default.
|
|     Origin checks do not protect against a directly connecting attacker -- they can lie about their host, but can also lie about their origin. Origin checks protect against a connection from 3rd-party controlled script in a context where a victim browser's cookies will be passed along. And if an attacker has breached that protection, they've already compromised the HTTP session, so treating the WebSocket connection in the same way seems reasonable.
|
|     In case this logic proves incorrect (or anyone just wants to be more paranoid), we retain a config option to disable it.
|
* Merge pull request #26568 from skateman/cable-sameorigin-as-host | Matthew Draper | 2016-10-11 | 1 | -0/+3
|\
| |   Optionally allow ActionCable requests from the same host as origin
| |
| * Optionally allow ActionCable requests from the same host as origin | Dávid Halász | 2016-09-21 | 1 | -0/+3
| |
| |     When the `allow_same_origin_as_host` is set to `true`, the request forgery protection permits `HTTP_ORIGIN` values starting with the corresponding `proto://` prefix followed by `HTTP_HOST`. This way it is not required to specify the list of allowed URLs.
| |
* | Close the IO from the read loop thread | Matthew Draper | 2016-10-06 | 2 | -1/+1
| |
| |     IO#close and IO#read across threads don't get along so well: After T1 enters #read and releases the GVL, T2 can call #close on the IO, thereby both closing the fd and freeing the buffer while T1 is using them.
| |
* | In-line the configuration points that only existed for Faye support | Matthew Draper | 2016-10-01 | 2 | -3/+3
| |
* | Remove Faye mode | Matthew Draper | 2016-10-01 | 2 | -92/+0
| |
| |     No deprecation, because it was never documented.
| |
* | Merge pull request #26547 from palkan/fix/actioncable-confirmation-race-condition | Matthew Draper | 2016-10-01 | 1 | -1/+5
|\ \
| | |   Avoid race condition on subscription confirmation
| | |
| * | Add Channel#ensure_confirmation_sent; call #subscribe_to_channel after initializing | palkan | 2016-09-22 | 1 | -2/+4
| | |
| * | [Fix #25381] Avoid race condition on subscription confirmation | palkan | 2016-09-20 | 1 | -1/+3
| | |
* | | Buffer writes to the cable sockets | Matthew Draper | 2016-09-28 | 2 | -11/+92
| |/
|/|
| |     Otherwise, they can sometimes block, leading to reduced system throughput.
| |
* | [ci skip] Fix formatting in Action Cable Connection::Base module docs | Prathamesh Sonpatki | 2016-09-07 | 1 | -1/+1
|/
* fixes remaining RuboCop issues [Vipul A M, Xavier Noria] | Xavier Noria | 2016-09-01 | 1 | -1/+1
|
* applies remaining conventions across the project | Xavier Noria | 2016-08-06 | 1 | -3/+3
|
* normalizes indentation and whitespace across the project | Xavier Noria | 2016-08-06 | 1 | -1/+1
|
* applies new string literal convention in actioncable/lib | Xavier Noria | 2016-08-06 | 10 | -41/+41
|
|     The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
|
* Merge pull request #25624 from tinco/actioncable_write_race | Matthew Draper | 2016-07-09 | 1 | -2/+7
|\
| |   Fix race condition in websocket stream write
| |
| * fix race condition in websocket stream write | Tinco Andringa | 2016-07-01 | 1 | -0/+4
| |
* | close hijacked i/o socket after use (fixes #25613) | Tinco Andringa | 2016-07-01 | 1 | -0/+1
|/
* Properly support reloading for Action Cable channels | Matthew Draper | 2016-06-02 | 1 | -3/+3
|
* Pass over Action Cable docs | Jon Moss | 2016-05-21 | 1 | -1/+1
|
|     [ci skip]
|
* Fix typos in ActionCable Channel [ci skip] | Tom Kadwill | 2016-04-18 | 1 | -1/+1
|
* Merge pull request #24224 from danielrhodes/actioncable-websocket-protocols | Jeremy Daer | 2016-04-05 | 4 | -7/+21
|\
| |   ActionCable protocol negotiation
| |
| * Added protocol negotiation | Daniel Rhodes | 2016-04-05 | 4 | -7/+21
| |
| |     This is primarily for backwards compatibility for when or if the protocol is changed in future versions. If the server fails to respond with an acceptable protocol, the client disconnects and disables the monitor.
| |
* | Cable message encoding | Jeremy Daer | 2016-03-31 | 4 | -38/+33
| |
| |     * Introduce a connection coder responsible for encoding Cable messages as WebSocket messages, defaulting to `ActiveSupport::JSON` and duck-typing to any object responding to `#encode` and `#decode`.
| |
| |     * Consolidate encoding responsibility to the connection. No longer explicitly JSON-encode from channels or other sources. Pass Cable messages as Hashes to `#transmit` and rely on it to encode.
| |
| |     * Introduce stream encoders responsible for decoding pubsub messages. Preserve the currently raw encoding, but make it easy to use JSON. Same duck type as the connection encoder.
| |
| |     * Revert recent data normalization/quoting (#23649) which treated `identifier` and `data` values as nested JSON objects rather than as opaque JSON-encoded strings. That dealt us an awkward hand where we'd decode JSON strings… or not, but always encode as JSON. Embedding JSON object values directly is preferable, no extra JSON encoding, but that should be a purposeful protocol version change rather than ambiguously, inadvertently supporting multiple message formats.
| |
* | Cable: fix Faye periodic timer shutdown typo | Jeremy Daer | 2016-03-24 | 1 | -1/+1
| |
* | Gracefully handle disconnected clients | Jeremy Daer | 2016-03-20 | 3 | -1/+4
|/
|     We'll get `Errno::ECONNRESET` if the client forcibly disconnected. Just close the socket rather than raising the exception. Handle other errors in `ClientSocket#write`, too, mirroring the Faye error handling which swallows all `StandardError` on write.
|
* Merge pull request #23992 from matthewd/em-option | Matthew Draper | 2016-03-04 | 7 | -12/+107
|\
| |   Support faye-websocket + EventMachine as an option
| |
| * Support faye-websocket + EventMachine as an option | Matthew Draper | 2016-03-02 | 7 | -12/+107
| |
* | Accept JSON with no backslashes/escaping | Jon Moss | 2016-03-02 | 1 | -6/+19
| |
| |     Fixes #22675
| |
| |     Allow channel identifiers and also data with no backslashes/escaping to be accepted by the subscription storer.
| |
* | Merge pull request #23976 from danielrhodes/enhancement/ac-ping-to-message-type | Matthew Draper | 2016-03-02 | 1 | -5/+5
|\ \
| |/
|/|
| |   ActionCable: Add a "welcome" and "ping" message type
| |
| * Make ping into a message type | Daniel Rhodes | 2016-03-01 | 1 | -1/+1
| |
| |     This change makes ping into a message type, which makes the whole protocol a lot more consistent. Also fixes hacks on the client side to make this all work.
| |
| * Added welcome message type and fix test hacks | Daniel Rhodes | 2016-03-01 | 1 | -4/+4
| |
* | Use AS::Executor / AS::Reloader to support reloading in ActionCable | Matthew Draper | 2016-03-02 | 1 | -2/+3
|/
* The async.callback call should live with the hijack | Matthew Draper | 2016-02-26 | 1 | -4/+5
|
|     If we're deferring one, we should defer the other too.
|
* Only hijack Rack socket when first needed | Jon Moss | 2016-02-24 | 2 | -10/+9
|
|     Fixes #23471
|
* Merge pull request #23813 from lifo/faye-websocket | David Heinemeier Hansson | 2016-02-23 | 1 | -1/+8
|\
| |   Improve Action Cable reconnection reliability
| |
| * Confirm connection monitor subscription on open | Pratik Naik | 2016-02-23 | 1 | -1/+8
| |
* | Merge pull request #23668 from maclover7/cable-docs | Rafael França | 2016-02-22 | 4 | -15/+14
|\ \
| |/
|/|
| |   Full Action Cable documentation read through
| |
| * Full Action Cable documentation read through | Jon Moss | 2016-02-17 | 4 | -15/+14
| |
| |     This PR checks all active Action Cable documentation for typos and other fixes. It aims to make sure that when Rails 5 is released, that the Action Cable docs are up to snuff with the other documentation included with Rails.
| |
| |     [ci skip]
| |
* | Fix `unsubscribed` server side behavior | Jon Moss | 2016-02-18 | 2 | -6/+3
|/
|     Before this commit, the `unsubscribed` callbacks in Action Cable server side channels were never called. This is because when a WebSocket "goodbye" message was sent from the client, the Action Cable server didn't properly clean up after the now closed WebSocket.
|
|     This means that memory could possibly skyrocket with this behavior, since part of this commit is to properly remove closed subscriptions from the global subscriptions hash. Say you have 10,000 users currently connected, and then all 10,000 disconnect -- before this patch, Action Cable would still hold onto information (and Ruby objects!) for all of these now dead connections.
|
* Fix grammar `a` to `an` [ci skip] | Ryuta Kamizono | 2016-02-13 | 1 | -1/+1
|
* Merge remote-tracking branch 'origin/master' into actioncable_logging | kp | 2016-02-10 | 3 | -26/+50
|\
| * Handle more IO errors (especially, ECONNRESET) | Matthew Draper | 2016-01-30 | 1 | -21/+47
| |
| |     Also, address the possibility of the listen thread dying and needing to be respawned. As a bonus, we now defer construction of the thread until we are first given something to monitor.
| |
| * Fix arguments to on_close | Matthew Draper | 2016-01-30 | 2 | -5/+3
| |
| * Revert "Revert "Eliminate the EventMachine dependency"" | Matthew Draper | 2016-01-30 | 6 | -22/+315
| |
| * Revert "Eliminate the EventMachine dependency" | David Heinemeier Hansson | 2016-01-27 | 6 | -315/+22
| |
* | Logs successful and invalid connections separately | kp | 2016-02-10 | 1 | -8/+12
| |
* | adds debug logging to actioncable connect | kp | 2016-01-26 | 1 | -2/+12
|/