Allow an empty origin request in real-time

This will only happen with a same-origin request (or if someone has
tampered with the request - in which case they could set anything).

Co-authored-by: Tim Down <158919+timdown@users.noreply.github.com>
GitOrigin-RevId: 9dfe49f974a476bfe215768d3984dd60a381d37a
Andrew Rumble
2025-05-14 12:59:59 +01:00
committed by Copybot
parent feebb77556
commit 0b1f56eabf
3 changed files with 7 additions and 2 deletions
+1 -1
@@ -44351,7 +44351,7 @@
"lodash": "^4.17.21",
"proxy-addr": "^2.0.7",
"request": "^2.88.2",
"socket.io": "github:overleaf/socket.io#0.9.19-overleaf-11",
"socket.io": "github:overleaf/socket.io#0.9.19-overleaf-12",
"socket.io-client": "github:overleaf/socket.io-client#0.9.17-overleaf-5"
},
"devDependencies": {
+5
@@ -91,6 +91,11 @@ io.configure(function () {
)
io.set('origins', function (origin, req) {
if (!origin) {
// There is no origin or referer header - this is likely a same-site request.
logger.warn({ req }, 'No origin or referer header')
return true
}
const normalizedOrigin = URL.parse(origin).origin
const originIsValid = allowedCorsOriginsRegex.test(normalizedOrigin)
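Review bot: The new `if (!origin)` branch accepts every request that carries neither an Origin nor a Referer header, so for those requests this callback is no longer a control, and non-browser clients take the same path as same-origin browser traffic. The comment should say that instead of "likely a same-site request", for example `// No Origin/Referer: same-origin browser request or a non-browser client. Not an authorization decision; the session check must still gate the connection.` Passing the whole `req` to `logger.warn` may write cookie or authorization headers to the logs unless the logger's request serializer redacts them (not visible here). Because any client can omit both headers, a warn per request can also be driven to high volume, so logging only the fields needed for triage, or counting these requests with a metric, would be safer. The callback body continues outside the hunk.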
+1 -1
@@ -34,7 +34,7 @@
"lodash": "^4.17.21",
"proxy-addr": "^2.0.7",
"request": "^2.88.2",
"socket.io": "github:overleaf/socket.io#0.9.19-overleaf-11",
"socket.io": "github:overleaf/socket.io#0.9.19-overleaf-12",
"socket.io-client": "github:overleaf/socket.io-client#0.9.17-overleaf-5"
},
"devDependencies": {