aboutsummaryrefslogtreecommitdiffstats
path: root/actioncable/lib/action_cable/server/configuration.rb
Commit message (Collapse)AuthorAgeFilesLines
* Permit same-origin connections by defaultMatthew Draper2016-10-111-1/+1
| | | | | | | | | | | | | | | | | WebSocket always defers the decision to the server, because it didn't have to deal with legacy compatibility... but the same-origin policy is still a reasonable default. Origin checks do not protect against a directly connecting attacker -- they can lie about their host, but can also lie about their origin. Origin checks protect against a connection from 3rd-party controlled script in a context where a victim browser's cookies will be passed along. And if an attacker has breached that protection, they've already compromised the HTTP session, so treating the WebSocket connection in the same way seems reasonable. In case this logic proves incorrect (or anyone just wants to be more paranoid), we retain a config option to disable it.
* Merge pull request #26568 from skateman/cable-sameorigin-as-hostMatthew Draper2016-10-111-1/+2
|\ | | | | | | Optionally allow ActionCable requests from the same host as origin
| * Optionally allow ActionCable requests from the same host as originDávid Halász2016-09-211-1/+2
| | | | | | | | | | | | | | When the `allow_same_origin_as_host` is set to `true`, the request forgery protection permits `HTTP_ORIGIN` values starting with the corresponding `proto://` prefix followed by `HTTP_HOST`. This way it is not required to specify the list of allowed URLs.
* | In-line the configuration points that only existed for Faye supportMatthew Draper2016-10-011-8/+0
| |
* | Remove Faye modeMatthew Draper2016-10-011-11/+3
|/ | | | No deprecation, because it was never documented.
* applies new string literal convention in actioncable/libXavier Noria2016-08-061-2/+2
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Properly support reloading for Action Cable channelsMatthew Draper2016-06-021-9/+1
|
* Cable: reconcile default worker pool size with low db conn pool sizeJeremy Daer2016-03-301-1/+1
| | | | | | | | | | | Whack it down from 100 to 4. Large worker pools means large db connection counts. We aren't set up for that by default and most apps won't need it out of the box. We're better off tuning the default worker pool for low traffic, low resource consumption apps. Those who have higher traffic will scale up to meet demand.
* Support faye-websocket + EventMachine as an optionMatthew Draper2016-03-021-1/+17
|
* Enable Action Cable routes by defaultJon Moss2016-02-241-1/+1
| | | | This also marks Action Cable routes as internal to Rails.
* Full Action Cable documentation read throughJon Moss2016-02-171-1/+1
| | | | | | | | | This PR checks all active Action Cable documentation for typos and other fixes. It aims to make sure that when Rails 5 is released, that the Action Cable docs are up to snuff with the other documentation included with Rails. [ci skip]
* Default connection class to ActionCable::Connection::Base.Kasper Timm Hansen2016-02-141-2/+2
| | | | | | | Instead of depending on ApplicationCable::Connection being defined at initialize we should inject it in the Railtie. Thus we can kill more setup in the tests too.
* Inject Rails' channel paths in engine.Kasper Timm Hansen2016-02-141-9/+2
| | | | | | | | | | | | | We were explicitly referencing Rails.root in ActionCable::Server::Configuration.initialize, thereby coupling ourselves to Rails. Instead add `app/channels` to Rails' app paths and assign the existent files to `channel_paths`. Users can still append to those load paths with `<<` and `push` in `config/application.rb`. This means we can remove the custom `Dir` lookup in `channel_paths` and the Rails and root definitions in the tests.
* Rename channels_path var and fix channel_paths method for ActionCable configSergey Novikov2016-01-231-5/+5
|
* Allow adding custom paths for action_cable channelsSergey Novikov2016-01-221-2/+4
|
* Merge pull request #22950 from maclover7/adapterize-storage-actioncableMatthew Draper2016-01-201-3/+21
|\ | | | | | | Adapterize storage for ActionCable
| * Fix code review commentsJon Moss2016-01-181-5/+14
| | | | | | | | | | | | | | - adapter -> pubsub (re)rename internally - Change variable names to match method names - Add EventMachine `~> 1.0` as a runtime dependency of ActionCable - Refactor dependency loading for adapters
| * Small PostgreSQL adapter refactors / cleanupJon Moss2016-01-181-1/+0
| | | | | | | | | | - Escape the channel name when subscribing in PG - Refactor popping the queue to make it easier to read
| * ActionCable::StorageAdapter ==> ActionCable::SubscriptionAdapterJon Moss2016-01-181-3/+5
| |
| * config_opts => cable, per @kaspthJon Moss2016-01-181-2/+2
| |
| * Refactor storage_adapterJon Moss2016-01-181-11/+3
| |
| * Adapterize ActionCable storage and extract behaviorJon Moss2016-01-181-2/+18
|/
* Don't log Action Cable to STDOUT in developmenteileencodes2015-12-171-8/+0
| | | | | | | | | | | | | | | | | | | | Logging Action Cable to STDOUT caused the development log to see double messages like this: ``` Started GET "/" for ::1 at 2015-12-17 15:21:34 -0500 Started GET "/" for ::1 at 2015-12-17 15:21:34 -0500 Processing by Rails::WelcomeController#index as HTML Processing by Rails::WelcomeController#index as HTML Rendered /welcome/index.html.erb (0.0ms) Rendered /welcome/index.html.erb (0.0ms) Completed 200 OK in 3ms (Views: 1.3ms | ActiveRecord: 0.0ms) Completed 200 OK in 3ms (Views: 1.3ms | ActiveRecord: 0.0ms) ``` Now that Action Cable is part of Rails it doesn't need it's own logger and will log to STDOUT via the local dev server here: https://github.com/rails/rails/blob/master/railties/lib/rails/commands/server.rb
* Move the require to the right placeRafael Mendonça França2015-12-151-2/+0
|
* Remove the default loggerRafael Mendonça França2015-12-151-1/+0
| | | | It should be configured through the railtie
* Configure the Action Cable's redis in the engineRafael Mendonça França2015-12-151-22/+1
| | | | This will decouple Action Cable from Rails.
* Get ready to merge into RailsDavid Heinemeier Hansson2015-12-141-0/+67
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-05 02:52:19 +0000