aboutsummaryrefslogtreecommitdiffstats
path: root/actioncable/test/connection
Commit message (Collapse)AuthorAgeFilesLines
* Permit same-origin connections by defaultMatthew Draper2016-10-111-1/+2
| | | | | | | | | | | | | | | | | WebSocket always defers the decision to the server, because it didn't have to deal with legacy compatibility... but the same-origin policy is still a reasonable default. Origin checks do not protect against a directly connecting attacker -- they can lie about their host, but can also lie about their origin. Origin checks protect against a connection from 3rd-party controlled script in a context where a victim browser's cookies will be passed along. And if an attacker has breached that protection, they've already compromised the HTTP session, so treating the WebSocket connection in the same way seems reasonable. In case this logic proves incorrect (or anyone just wants to be more paranoid), we retain a config option to disable it.
* Merge pull request #26568 from skateman/cable-sameorigin-as-hostMatthew Draper2016-10-111-0/+8
|\ | | | | | | Optionally allow ActionCable requests from the same host as origin
| * Optionally allow ActionCable requests from the same host as originDávid Halász2016-09-211-0/+8
| | | | | | | | | | | | | | When the `allow_same_origin_as_host` is set to `true`, the request forgery protection permits `HTTP_ORIGIN` values starting with the corresponding `proto://` prefix followed by `HTTP_HOST`. This way it is not required to specify the list of allowed URLs.
* | Wait for the socket to be closed asynchronouslyMatthew Draper2016-10-061-2/+10
| |
* | Remove Faye modeMatthew Draper2016-10-012-6/+0
|/ | | | No deprecation, because it was never documented.
* remove redundant curlies from hash argumentsXavier Noria2016-08-061-2/+2
|
* applies new string literal convention in actioncable/testXavier Noria2016-08-069-85/+85
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* close hijacked i/o socket after use (fixes #25613)Tinco Andringa2016-07-011-0/+14
|
* Properly support reloading for Action Cable channelsMatthew Draper2016-06-021-1/+0
|
* - Fixed ActionCable::Connection::ClientSocketTest that was overriding ↵Vipul A M2016-04-152-5/+3
| | | | | | ActionCable::Connection::StreamTest test name - Only add attr_readers for required attributes
* Cable message encodingJeremy Daer2016-03-312-5/+3
| | | | | | | | | | | | | | | | | | | * Introduce a connection coder responsible for encoding Cable messages as WebSocket messages, defaulting to `ActiveSupport::JSON` and duck- typing to any object responding to `#encode` and `#decode`. * Consolidate encoding responsibility to the connection. No longer explicitly JSON-encode from channels or other sources. Pass Cable messages as Hashes to `#transmit` and rely on it to encode. * Introduce stream encoders responsible for decoding pubsub messages. Preserve the currently raw encoding, but make it easy to use JSON. Same duck type as the connection encoder. * Revert recent data normalization/quoting (#23649) which treated `identifier` and `data` values as nested JSON objects rather than as opaque JSON-encoded strings. That dealt us an awkward hand where we'd decode JSON strings… or not, but always encode as JSON. Embedding JSON object values directly is preferably, no extra JSON encoding, but that should be a purposeful protocol version change rather than ambiguously, inadvertently supporting multiple message formats.
* Gracefully handle disconnected clientsJeremy Daer2016-03-202-0/+132
| | | | | | | | We'll get `Errno::ECONNRESET` if the client forcibly disconnected. Just close the socket rather than raising the exception. Handle other errors in `ClientSocket#write`, too, mirroring the Faye error handling which swallows all `StandardError` on write.
* Merge pull request #23992 from matthewd/em-optionMatthew Draper2016-03-047-9/+10
|\ | | | | Support faye-websocket + EventMachine as an option
| * Support faye-websocket + EventMachine as an optionMatthew Draper2016-03-027-9/+10
| |
* | Accept JSON with no backslashes/escapingJon Moss2016-03-021-2/+2
| | | | | | | | | | | | | | Fixes #22675 Allow channel identifiers and also data with no backslahes/escaping to be accepted by the subscription storer.
* | Added welcome message type and fix test hacksDaniel Rhodes2016-03-011-1/+1
|/
* Only hijack Rack socket when first neededJon Moss2016-02-241-0/+20
| | | | Fixes #23471
* Confirm connection monitor subscription on openPratik Naik2016-02-231-1/+1
|
* Revert "Revert "Eliminate the EventMachine dependency""Matthew Draper2016-01-303-13/+14
|
* Revert "Eliminate the EventMachine dependency"David Heinemeier Hansson2016-01-273-14/+13
|
* Import the relevant portions of faye-websocketMatthew Draper2016-01-243-7/+7
| | | | (as adapted to use concurrent-ruby / nio4r instead of eventmachine)
* Using a hacked faye-websocket, drop EventMachineMatthew Draper2016-01-241-6/+7
|
* Fix code review commentsJon Moss2016-01-181-4/+4
| | | | | | | - adapter -> pubsub (re)rename internally - Change variable names to match method names - Add EventMachine `~> 1.0` as a runtime dependency of ActionCable - Refactor dependency loading for adapters
* Tests passing and small refactoringJon Moss2016-01-181-5/+5
|
* Revert "Merge pull request #22977 from rails/revert-22934-master"David Heinemeier Hansson2016-01-165-5/+0
| | | | | This reverts commit d0393fccffc118a5de37654aa222774b66123393, reversing changes made to 3b7ccadfc1c8dfec61af898167e1300b17f5cf25.
* Revert "Move async execution from celluloid to concurrent-ruby"David Heinemeier Hansson2016-01-085-0/+5
|
* Remove celluloid referencesMike Perham2016-01-055-5/+0
|
* Remove warnings from actioncableArun Agrawal2015-12-171-1/+1
| | | | Warnings coming from code and test are removed
* Get ready to merge into RailsDavid Heinemeier Hansson2015-12-147-0/+510