aboutsummaryrefslogtreecommitdiffstats
path: root/actioncable/lib/action_cable/server
Commit message (Collapse)AuthorAgeFilesLines
* Permit same-origin connections by defaultMatthew Draper2016-10-111-1/+1
| | | | | | | | | | | | | | | | | WebSocket always defers the decision to the server, because it didn't have to deal with legacy compatibility... but the same-origin policy is still a reasonable default. Origin checks do not protect against a directly connecting attacker -- they can lie about their host, but can also lie about their origin. Origin checks protect against a connection from 3rd-party controlled script in a context where a victim browser's cookies will be passed along. And if an attacker has breached that protection, they've already compromised the HTTP session, so treating the WebSocket connection in the same way seems reasonable. In case this logic proves incorrect (or anyone just wants to be more paranoid), we retain a config option to disable it.
* Merge pull request #26568 from skateman/cable-sameorigin-as-hostMatthew Draper2016-10-111-1/+2
|\ | | | | | | Optionally allow ActionCable requests from the same host as origin
| * Optionally allow ActionCable requests from the same host as originDávid Halász2016-09-211-1/+2
| | | | | | | | | | | | | | When the `allow_same_origin_as_host` is set to `true`, the request forgery protection permits `HTTP_ORIGIN` values starting with the corresponding `proto://` prefix followed by `HTTP_HOST`. This way it is not required to specify the list of allowed URLs.
* | Shut down the worker pool - don't kill itMatthew Draper2016-10-031-1/+1
| | | | | | | | | | Different parts of concurrent-ruby's documentation make inconsistent claims about how kill will behave. It doesn't do the thing we want.
* | Move behavior to Server::Base, and flush pubsubJon Moss2016-10-021-2/+6
| |
* | In-line the configuration points that only existed for Faye supportMatthew Draper2016-10-012-9/+1
| |
* | Remove Faye modeMatthew Draper2016-10-011-11/+3
|/ | | | No deprecation, because it was never documented.
* [ci skip] Fix formatting of documentation of worker_pool method from ↵Prathamesh Sonpatki2016-09-071-1/+1
| | | | AC::Server::Base
* applies new string literal convention in actioncable/libXavier Noria2016-08-063-6/+6
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Merge pull request #24988 from mwear/action_cable_broadcast_notificationsMatthew Draper2016-07-041-2/+6
|\ | | | | Add ActiveSupport::Notifications hook to ActionCable::Server.broadcast
| * Add ActiveSupport::Notifications hook to Broadcaster#broadcastMatthew Wear2016-05-121-2/+6
| | | | | | | | | | This addition of this notification hook will give users better visibility into the messages being sent over the PubSub adapter.
* | Periodic timers: delegate async instance_exec to the worker poolJeremy Daer2016-06-291-4/+8
| |
* | Properly support reloading for Action Cable channelsMatthew Draper2016-06-022-22/+4
| |
* | Pass over Action Cable docsJon Moss2016-05-211-3/+3
|/ | | | [ci skip]
* Cable: Extract stream handler constructionJeremy Daer2016-04-181-8/+10
| | | | | | | | * Use separate stream handler builders for easy override and testing. * Fix worker pool execution that was silently failing since it only expected connection receivers. Sparked by code in #24162.
* Cable: Periodic timers refreshJeremy Daer2016-04-181-12/+0
| | | | | | | | | * Rewrite docs * Support blocks in addition to method names and Proc args * Check for valid arguments * Convert `periodically :method_name` to Proc callbacks * Drop periodic runner methods from the worker pool * Ensure we clear active periodic timers after shutdown
* Cable message encodingJeremy Daer2016-03-311-9/+10
| | | | | | | | | | | | | | | | | | | * Introduce a connection coder responsible for encoding Cable messages as WebSocket messages, defaulting to `ActiveSupport::JSON` and duck- typing to any object responding to `#encode` and `#decode`. * Consolidate encoding responsibility to the connection. No longer explicitly JSON-encode from channels or other sources. Pass Cable messages as Hashes to `#transmit` and rely on it to encode. * Introduce stream encoders responsible for decoding pubsub messages. Preserve the currently raw encoding, but make it easy to use JSON. Same duck type as the connection encoder. * Revert recent data normalization/quoting (#23649) which treated `identifier` and `data` values as nested JSON objects rather than as opaque JSON-encoded strings. That dealt us an awkward hand where we'd decode JSON strings… or not, but always encode as JSON. Embedding JSON object values directly is preferably, no extra JSON encoding, but that should be a purposeful protocol version change rather than ambiguously, inadvertently supporting multiple message formats.
* Cable: reconcile default worker pool size with low db conn pool sizeJeremy Daer2016-03-302-2/+12
| | | | | | | | | | | Whack it down from 100 to 4. Large worker pools means large db connection counts. We aren't set up for that by default and most apps won't need it out of the box. We're better off tuning the default worker pool for low traffic, low resource consumption apps. Those who have higher traffic will scale up to meet demand.
* Support faye-websocket + EventMachine as an optionMatthew Draper2016-03-023-9/+25
|
* Use AS::Executor / AS::Reloader to support reloading in ActionCableMatthew Draper2016-03-023-22/+39
|
* Merge pull request #23811 from iamvery/string-channelDavid Heinemeier Hansson2016-02-281-1/+1
|\ | | | | Ensure actioncable behaves as expected with non-string queues
| * Ensure server broadcasts are to string queue namesJay Hayes2016-02-241-1/+1
| | | | | | | | | | | | Similar to the channel streaming side, these values must be strings for ActionCable to behave as expected. The conversion will allow users to send string-convertible values and get the expected behavior.
* | Enable Action Cable routes by defaultJon Moss2016-02-241-1/+1
|/ | | | This also marks Action Cable routes as internal to Rails.
* Full Action Cable documentation read throughJon Moss2016-02-176-21/+19
| | | | | | | | | This PR checks all active Action Cable documentation for typos and other fixes. It aims to make sure that when Rails 5 is released, that the Action Cable docs are up to snuff with the other documentation included with Rails. [ci skip]
* Merge pull request #23505 from kaspth/inject-rails-config-through-railtieKasper Timm Hansen2016-02-141-11/+4
|\ | | | | Inject Rails related configuration through Railtie
| * Default connection class to ActionCable::Connection::Base.Kasper Timm Hansen2016-02-141-2/+2
| | | | | | | | | | | | | | Instead of depending on ApplicationCable::Connection being defined at initialize we should inject it in the Railtie. Thus we can kill more setup in the tests too.
| * Inject Rails' channel paths in engine.Kasper Timm Hansen2016-02-141-9/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | We were explicitly referencing Rails.root in ActionCable::Server::Configuration.initialize, thereby coupling ourselves to Rails. Instead add `app/channels` to Rails' app paths and assign the existent files to `channel_paths`. Users can still append to those load paths with `<<` and `push` in `config/application.rb`. This means we can remove the custom `Dir` lookup in `channel_paths` and the Rails and root definitions in the tests.
* | Fix grammar `a` to `an` [ci skip]Ryuta Kamizono2016-02-131-1/+1
|/
* [ci skip] Several ActionCable documentation updates:Nick Quaranto2016-02-021-11/+11
| | | | | | | | * Properly indent code sample in ActionCable::Channel::Streams * Add a doc comment for #stop_all_streams * Reformat + add <tt> blocks around code references in ActionCable::Base docs * Clarify and a little better grammar on ActionCable::RemoteConnections * Correct indentation and clean up ActionCable::Server::Broadcasting code sample
* Synchronize the lazy setters in ServerMatthew Draper2016-01-301-7/+16
| | | | They're all at risk of races on the first requests.
* Revert "Revert "Eliminate the EventMachine dependency""Matthew Draper2016-01-302-5/+7
|
* Revert "Eliminate the EventMachine dependency"David Heinemeier Hansson2016-01-272-7/+5
|
* Merge pull request #23185 from droptheplot/actioncable-custom-channelsKasper Timm Hansen2016-01-241-3/+5
|\ | | | | ActionCable: Allow adding custom paths for channels
| * Rename channels_path var and fix channel_paths method for ActionCable configSergey Novikov2016-01-231-5/+5
| |
| * Allow adding custom paths for action_cable channelsSergey Novikov2016-01-221-2/+4
| |
* | Import the relevant portions of faye-websocketMatthew Draper2016-01-241-0/+4
| | | | | | | | (as adapted to use concurrent-ruby / nio4r instead of eventmachine)
* | Using a hacked faye-websocket, drop EventMachineMatthew Draper2016-01-241-5/+3
|/
* Merge pull request #22950 from maclover7/adapterize-storage-actioncableMatthew Draper2016-01-203-26/+24
|\ | | | | | | Adapterize storage for ActionCable
| * Fix code review commentsJon Moss2016-01-183-8/+17
| | | | | | | | | | | | | | - adapter -> pubsub (re)rename internally - Change variable names to match method names - Add EventMachine `~> 1.0` as a runtime dependency of ActionCable - Refactor dependency loading for adapters
| * Small PostgreSQL adapter refactors / cleanupJon Moss2016-01-181-1/+0
| | | | | | | | | | - Escape the channel name when subscribing in PG - Refactor popping the queue to make it easier to read
| * ActionCable::StorageAdapter ==> ActionCable::SubscriptionAdapterJon Moss2016-01-182-4/+6
| |
| * config_opts => cable, per @kaspthJon Moss2016-01-181-2/+2
| |
| * Tests passing and small refactoringJon Moss2016-01-181-1/+1
| |
| * Pull the action methods directly onto the adapterMatthew Draper2016-01-182-4/+3
| |
| * Refactor storage_adapterJon Moss2016-01-181-11/+3
| |
| * Adapterize ActionCable storage and extract behaviorJon Moss2016-01-183-25/+22
|/
* Fix the updated API (this sorts the concurrent-ruby switch with Basecamp)David Heinemeier Hansson2016-01-161-1/+1
|
* Revert "Merge pull request #22977 from rails/revert-22934-master"David Heinemeier Hansson2016-01-162-16/+42
| | | | | This reverts commit d0393fccffc118a5de37654aa222774b66123393, reversing changes made to 3b7ccadfc1c8dfec61af898167e1300b17f5cf25.
* Revert "Move async execution from celluloid to concurrent-ruby"David Heinemeier Hansson2016-01-082-42/+16
|
* don't need explicit dep and a pretty neat pickMike Perham2016-01-051-1/+1
|