Don't check request origin for WebSockets connection (#78)

Jonatan Kłosko 2021-03-17 11:16:40 +01:00 committed by GitHub
parent 8b37e32e3a
commit 8b3a7bec6b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -11,7 +11,10 @@ defmodule LivebookWeb.Endpoint do
] ]
socket "/live", Phoenix.LiveView.Socket, socket "/live", Phoenix.LiveView.Socket,
websocket: [connect_info: [:user_agent, session: @session_options]] # Don't check the origin as we don't know how the web app is gonna be accessed.
# It runs locally, but may be exposed via IP or domain name.
# The WebSocket connection is already protected from CSWSH by using CSRF token.
websocket: [check_origin: false, connect_info: [:user_agent, session: @session_options]]
# We use Escript for distributing Livebook, so we don't # We use Escript for distributing Livebook, so we don't
# have access to the files in priv/static at runtime in the prod environment. # have access to the files in priv/static at runtime in the prod environment.
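Review bot: With `check_origin: false` on the `/live` socket, the only remaining cross-site WebSocket hijacking defence is the CSRF check, which appears to apply only because `session: @session_options` is listed in `connect_info`. The new comment states the protection but not that dependency. I would add a line such as `# This relies on session: in connect_info; without it the CSRF token is not validated on connect.` so that a later edit to `connect_info`, or a second socket copied from this one, does not silently drop the check. If the Phoenix version in use supports it, `check_origin: :conn` may be a narrower alternative: it accepts any origin that matches the request's own host, port and scheme, which covers access by IP or domain name without turning the check off. The `defmodule` body continues outside the hunk, so other sockets or plugs in the endpoint are not visible here.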