2
1
mirror of https://github.com/Thream/socketio-jwt.git synced 2024-07-21 09:38:31 +02:00

Merge pull request #36 from TeamSynergy/cors_workaround

Cors workaround
This commit is contained in:
José F. Romaniello 2013-11-21 03:21:46 -08:00
commit bd0980e3ab
2 changed files with 22 additions and 4 deletions

View File

@ -121,9 +121,27 @@ passportSocketIo.filterSocketsByUser(io, function(user){
}); });
``` ```
## CORS-Workaround:
If you happen to have to work with Cross-Origin-Requests (marked by socket.io as `handshake.xdomain`) then here's a workaround:
### Clientside:
You have to provide the session-cookie. If you haven't set a name yet, do it like this: `app.use(express.session({ key: 'your.sid-key' }));`
```javascript
// Note: ther's no readCookie-function built in.
// Get your own in the internetz
socket = io.connect('//' + window.location.host, {
query: 'session_id=' + readCookie('your.sid-key')
});
```
### Serverside:
Nope, there's nothing to do on the server side. Just be sure that the cookies names match.
## Notes: ## Notes:
* Does **NOT** support cookie-based sessions. eg: `express.cookieSession` * Does **NOT** support cookie-based sessions. eg: `express.cookieSession`
* If the connection fails, check if you are requesting from a client via CORS. Check `socket.handshake.xdomain === true` as there are no cookies sent. * If the connection fails, check if you are requesting from a client via CORS. Check `socket.handshake.xdomain === true` as there are no cookies sent. For a workaround look at the code above.
## Contribute ## Contribute
You are always welcome to open an issue or provide a pull-request! You are always welcome to open an issue or provide a pull-request!

View File

@ -35,13 +35,13 @@ function authorize(options) {
return function(data, accept){ return function(data, accept){
data.cookie = parseCookie(auth, data.headers.cookie || ''); data.cookie = parseCookie(auth, data.headers.cookie || '');
data.sessionID = data.cookie[auth.key] || ''; data.sessionID = data.query.session_id || data.cookie[auth.key] || '';
data[auth.userProperty] = { data[auth.userProperty] = {
logged_in: false logged_in: false
}; };
if(data.xdomain) if(data.xdomain && !data.sessionID)
return auth.fail(data, 'Can not read cookies from CORS-Requests.', false, accept); return auth.fail(data, 'Can not read cookies from CORS-Requests. See CORS-Workaround in the readme.', false, accept);
auth.store.get(data.sessionID, function(err, session){ auth.store.get(data.sessionID, function(err, session){
if(err) if(err)