| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
WebSocket always defers the decision to the server, because it didn't
have to deal with legacy compatibility... but the same-origin policy is
still a reasonable default.
Origin checks do not protect against a directly connecting attacker --
they can lie about their host, but can also lie about their origin.
Origin checks protect against a connection from 3rd-party controlled
script in a context where a victim browser's cookies will be passed
along. And if an attacker has breached that protection, they've already
compromised the HTTP session, so treating the WebSocket connection in
the same way seems reasonable.
In case this logic proves incorrect (or anyone just wants to be more
paranoid), we retain a config option to disable it.
|
| |\
| |
| |
| | |
Optionally allow ActionCable requests from the same host as origin
|
| | |
| |
| |
| |
| |
| |
| | |
When the `allow_same_origin_as_host` is set to `true`, the request
forgery protection permits `HTTP_ORIGIN` values starting with the
corresponding `proto://` prefix followed by `HTTP_HOST`. This way
it is not required to specify the list of allowed URLs.
|
| | |
| |
| |
| |
| | |
Different parts of concurrent-ruby's documentation make inconsistent
claims about how kill will behave. It doesn't do the thing we want.
|
| | | |
|
| | | |
|
| |/
|
|
| |
No deprecation, because it was never documented.
|
| |
|
|
| |
AC::Server::Base
|
| |
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
| |\
| |
| | |
Add ActiveSupport::Notifications hook to ActionCable::Server.broadcast
|
| | |
| |
| |
| |
| | |
This addition of this notification hook will give users better visibility
into the messages being sent over the PubSub adapter.
|
| | | |
|
| | | |
|
| |/
|
|
| |
[ci skip]
|
| |
|
|
|
|
|
|
| |
* Use separate stream handler builders for easy override and testing.
* Fix worker pool execution that was silently failing since it only
expected connection receivers.
Sparked by code in #24162.
|
| |
|
|
|
|
|
|
|
| |
* Rewrite docs
* Support blocks in addition to method names and Proc args
* Check for valid arguments
* Convert `periodically :method_name` to Proc callbacks
* Drop periodic runner methods from the worker pool
* Ensure we clear active periodic timers after shutdown
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Introduce a connection coder responsible for encoding Cable messages
as WebSocket messages, defaulting to `ActiveSupport::JSON` and duck-
typing to any object responding to `#encode` and `#decode`.
* Consolidate encoding responsibility to the connection. No longer
explicitly JSON-encode from channels or other sources. Pass Cable
messages as Hashes to `#transmit` and rely on it to encode.
* Introduce stream encoders responsible for decoding pubsub messages.
Preserve the currently raw encoding, but make it easy to use JSON.
Same duck type as the connection encoder.
* Revert recent data normalization/quoting (#23649) which treated
`identifier` and `data` values as nested JSON objects rather than as
opaque JSON-encoded strings. That dealt us an awkward hand where we'd
decode JSON strings… or not, but always encode as JSON. Embedding
JSON object values directly is preferably, no extra JSON encoding,
but that should be a purposeful protocol version change rather than
ambiguously, inadvertently supporting multiple message formats.
|
| |
|
|
|
|
|
|
|
|
|
| |
Whack it down from 100 to 4.
Large worker pools means large db connection counts. We aren't set up
for that by default and most apps won't need it out of the box.
We're better off tuning the default worker pool for low traffic, low
resource consumption apps. Those who have higher traffic will scale up
to meet demand.
|
| | |
|
| | |
|
| |\
| |
| | |
Ensure actioncable behaves as expected with non-string queues
|
| | |
| |
| |
| |
| |
| | |
Similar to the channel streaming side, these values must be strings for
ActionCable to behave as expected. The conversion will allow users to
send string-convertible values and get the expected behavior.
|
| |/
|
|
| |
This also marks Action Cable routes as internal to Rails.
|
| |
|
|
|
|
|
|
|
| |
This PR checks all active Action Cable documentation for typos and other
fixes. It aims to make sure that when Rails 5 is released, that the
Action Cable docs are up to snuff with the other documentation included
with Rails.
[ci skip]
|
| |\
| |
| | |
Inject Rails related configuration through Railtie
|
| | |
| |
| |
| |
| |
| |
| | |
Instead of depending on ApplicationCable::Connection being defined at initialize
we should inject it in the Railtie.
Thus we can kill more setup in the tests too.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We were explicitly referencing Rails.root in ActionCable::Server::Configuration.initialize,
thereby coupling ourselves to Rails.
Instead add `app/channels` to Rails' app paths and assign the existent files
to `channel_paths`.
Users can still append to those load paths with `<<` and `push` in `config/application.rb`.
This means we can remove the custom `Dir` lookup in `channel_paths` and the Rails
and root definitions in the tests.
|
| |/ |
|
| |
|
|
|
|
|
|
| |
* Properly indent code sample in ActionCable::Channel::Streams
* Add a doc comment for #stop_all_streams
* Reformat + add <tt> blocks around code references in ActionCable::Base docs
* Clarify and a little better grammar on ActionCable::RemoteConnections
* Correct indentation and clean up ActionCable::Server::Broadcasting code sample
|
| |
|
|
| |
They're all at risk of races on the first requests.
|
| | |
|
| | |
|
| |\
| |
| | |
ActionCable: Allow adding custom paths for channels
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
(as adapted to use concurrent-ruby / nio4r instead of eventmachine)
|
| |/ |
|
| |\
| |
| |
| | |
Adapterize storage for ActionCable
|
| | |
| |
| |
| |
| |
| |
| | |
- adapter -> pubsub (re)rename internally
- Change variable names to match method names
- Add EventMachine `~> 1.0` as a runtime dependency of ActionCable
- Refactor dependency loading for adapters
|
| | |
| |
| |
| |
| | |
- Escape the channel name when subscribing in PG
- Refactor popping the queue to make it easier to read
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
| | |
|
| |
|
|
|
| |
This reverts commit d0393fccffc118a5de37654aa222774b66123393, reversing
changes made to 3b7ccadfc1c8dfec61af898167e1300b17f5cf25.
|
| | |
|
