feat: close #7002, console message if mismatched origins

6 years ago · 89c025d102
parent 43c3bb02e5
commit 89c025d102
3 changed files with 22 additions and 13 deletions
--- a/public/src/sockets.js
+++ b/public/src/sockets.js
@ -150,4 +150,16 @@ app.isConnected = false;
 			},
 		});
 	}
+
+	if (
+		config.socketioOrigins
+		&& config.socketioOrigins !== '*'
+		&& config.socketioOrigins.indexOf(location.hostname) === -1
+	) {
+		console.error(
+			'You are accessing the forum from an unknown origin. This will likely result in websockets failing to connect. \n'
+			+ 'To fix this, set the `"url"` value in `config.json` to the URL at which you access the site. \n'
+			+ 'For more information, see this FAQ topic: https://community.nodebb.org/topic/13388'
+		);
+	}
 }());
--- a/src/controllers/api.js
+++ b/src/controllers/api.js
@ -40,6 +40,7 @@ apiController.loadConfig = function (req, callback) {
 	config.disableChatMessageEditing = meta.config.disableChatMessageEditing === 1;
 	config.maximumChatMessageLength = meta.config.maximumChatMessageLength || 1000;
 	config.socketioTransports = nconf.get('socket.io:transports') || ['polling', 'websocket'];
+	config.socketioOrigins = nconf.get('socket.io:origins');
 	config.websocketAddress = nconf.get('socket.io:address') || '';
 	config.maxReconnectionAttempts = meta.config.maxReconnectionAttempts || 5;
 	config.reconnectionDelay = meta.config.reconnectionDelay || 1500;
--- a/src/socket.io/index.js
+++ b/src/socket.io/index.js
@ -46,20 +46,16 @@ Sockets.init = function (server) {
 	 * Can be overridden via config (socket.io:origins)
 	 */
 	if (process.env.NODE_ENV !== 'development') {
-		var domain = nconf.get('cookieDomain');
-		var parsedUrl = url.parse(nconf.get('url'));
-		var override = nconf.get('socket.io:origins');
-		if (!domain) {
-			domain = parsedUrl.hostname;	// cookies don't provide isolation by port: http://stackoverflow.com/a/16328399/122353
-		}
+		const parsedUrl = url.parse(nconf.get('url'));

-		if (!override) {
-			io.origins(parsedUrl.protocol + '//' + domain + ':*');
-			winston.info('[socket.io] Restricting access to origin: ' + parsedUrl.protocol + '//' + domain + ':*');
-		} else {
-			io.origins(override);
-			winston.info('[socket.io] Restricting access to origin: ' + override);
-		}
+		// cookies don't provide isolation by port: http://stackoverflow.com/a/16328399/122353
+		const domain = nconf.get('cookieDomain') || parsedUrl.hostname;
+
+		const origins = nconf.get('socket.io:origins') || `${parsedUrl.protocol}//${domain}:*`;
+		nconf.set('socket.io:origins', origins);
+
+		io.origins(origins);
+		winston.info('[socket.io] Restricting access to origin: ' + origins);
 	}

 	io.listen(server, {