Merge pull request #36 from TeamSynergy/cors_workaround
Cors workaround
This commit is contained in:
commit
bd0980e3ab
20
README.md
20
README.md
@ -121,9 +121,27 @@ passportSocketIo.filterSocketsByUser(io, function(user){
|
|||||||
});
|
});
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## CORS-Workaround:
|
||||||
|
If you happen to have to work with Cross-Origin-Requests (marked by socket.io as `handshake.xdomain`) then here's a workaround:
|
||||||
|
|
||||||
|
### Clientside:
|
||||||
|
You have to provide the session-cookie. If you haven't set a name yet, do it like this: `app.use(express.session({ key: 'your.sid-key' }));`
|
||||||
|
```javascript
|
||||||
|
// Note: ther's no readCookie-function built in.
|
||||||
|
// Get your own in the internetz
|
||||||
|
socket = io.connect('//' + window.location.host, {
|
||||||
|
query: 'session_id=' + readCookie('your.sid-key')
|
||||||
|
});
|
||||||
|
```
|
||||||
|
|
||||||
|
### Serverside:
|
||||||
|
Nope, there's nothing to do on the server side. Just be sure that the cookies names match.
|
||||||
|
|
||||||
|
|
||||||
## Notes:
|
## Notes:
|
||||||
* Does **NOT** support cookie-based sessions. eg: `express.cookieSession`
|
* Does **NOT** support cookie-based sessions. eg: `express.cookieSession`
|
||||||
* If the connection fails, check if you are requesting from a client via CORS. Check `socket.handshake.xdomain === true` as there are no cookies sent.
|
* If the connection fails, check if you are requesting from a client via CORS. Check `socket.handshake.xdomain === true` as there are no cookies sent. For a workaround look at the code above.
|
||||||
|
|
||||||
|
|
||||||
## Contribute
|
## Contribute
|
||||||
You are always welcome to open an issue or provide a pull-request!
|
You are always welcome to open an issue or provide a pull-request!
|
||||||
|
@ -35,13 +35,13 @@ function authorize(options) {
|
|||||||
|
|
||||||
return function(data, accept){
|
return function(data, accept){
|
||||||
data.cookie = parseCookie(auth, data.headers.cookie || '');
|
data.cookie = parseCookie(auth, data.headers.cookie || '');
|
||||||
data.sessionID = data.cookie[auth.key] || '';
|
data.sessionID = data.query.session_id || data.cookie[auth.key] || '';
|
||||||
data[auth.userProperty] = {
|
data[auth.userProperty] = {
|
||||||
logged_in: false
|
logged_in: false
|
||||||
};
|
};
|
||||||
|
|
||||||
if(data.xdomain)
|
if(data.xdomain && !data.sessionID)
|
||||||
return auth.fail(data, 'Can not read cookies from CORS-Requests.', false, accept);
|
return auth.fail(data, 'Can not read cookies from CORS-Requests. See CORS-Workaround in the readme.', false, accept);
|
||||||
|
|
||||||
auth.store.get(data.sessionID, function(err, session){
|
auth.store.get(data.sessionID, function(err, session){
|
||||||
if(err)
|
if(err)
|
||||||
|
Reference in New Issue
Block a user