chairemobilite / transition

Transition is a modern new approach to transit planning. It's a web application to model, simulate and plan public transit and alternative transportation.
http://transition.city
MIT License

Secure socket.io origin #83

Open tahini opened 2 years ago

tahini commented 2 years ago

We introduced socket.io 2.4, which adds additional security for socket.io origin. A commit restores the previous insecure behavior (accepting any origin).

We should make sure origin is secured, either by using the HOST environment variable to set the origin. We will have to test survey and transition, as well as deployments.

Also consider upgrading socket.io to v3 while doing this.

greenscientist commented 4 months ago

And at this point, we could upgrade to socket.io v4...
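An added example, not part of the issue thread or the project's code: one way to build the origin check discussed above from the HOST environment variable. It assumes HOST holds one or more comma-separated full origins (the issue does not specify its format); `normalizeOrigin`, `makeOriginCheck` and `isAllowed` are hypothetical names and the origins in the comments are constructed.

```javascript
// Added example. Assumption: HOST looks like
// "https://transit.example.org,http://localhost:8080" (constructed values).

// Reduce a URL to "scheme://host[:port]"; null if it is not an http(s) URL.
function normalizeOrigin(value) {
  try {
    const url = new URL(String(value).trim());
    if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
    return url.origin; // lower-cases the host and drops default ports
  } catch (err) {
    return null; // covers "", "null" and other unparsable values
  }
}

// Build an (origin, callback) check from the HOST value.
// Fails at startup when nothing usable is configured, so a missing
// variable cannot silently turn into "accept any origin".
function makeOriginCheck(hostValue) {
  const allowed = new Set(
    String(hostValue || '').split(',').map(normalizeOrigin).filter(Boolean)
  );
  if (allowed.size === 0) {
    throw new Error('HOST must list at least one http(s) origin');
  }
  return function checkOrigin(origin, callback) {
    // Exact match on the parsed origin: no substring or suffix matching,
    // so "https://transit.example.org.evil.test" is rejected.
    const candidate = origin ? normalizeOrigin(origin) : null;
    callback(null, candidate !== null && allowed.has(candidate));
  };
}

// Small helper to read the decision synchronously (used for testing).
function isAllowed(check, origin) {
  let result = false;
  check(origin, (err, ok) => { result = !err && ok === true; });
  return result;
}

// Wiring (not executed here):
//   const check = makeOriginCheck(process.env.HOST);
//   socket.io 2.x:    io.origins(check);
//   socket.io v3/v4:  new Server(httpServer, { cors: { origin: check } });
```

The check rejects requests with a missing or `null` Origin header, so non-browser clients that send no Origin would need their own handling.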