mirror of
https://github.com/hasura/graphql-engine.git
synced 2024-12-16 09:51:59 +03:00
02d80c9ac6
* read cookie while initialising websocket connection (fix #1660) * add tests for cookie on websocket init * fix logic for tests * enforce cors, and flag to force read cookie when cors disabled - as browsers don't enforce SOP on websockets, we enforce CORS policy on websocket handshake - if CORS is disabled, by default cookie is not read (because XSS risk!). Add special flag to force override this behaviour * add log and forward origin header to webhook - add log notice when cors is disabled, and cookie is not read on websocket handshake - forward origin header to webhook in POST mode. So that when CORS is disabled, webhook can also enforce CORS independently. * add docs, and forward all client headers to webhook |
||
|---|---|---|
| .. | ||
| Auth | ||
| App.hs | ||
| Auth.hs | ||
| CheckUpdates.hs | ||
| Cors.hs | ||
| Init.hs | ||
| Logging.hs | ||
| Middleware.hs | ||
| Query.hs | ||
| Telemetry.hs | ||
| Utils.hs | ||
| Version.hs | ||