From c127ca982c93104528cb9b47de9dabe6910b1317 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?D=C3=A1vid=20Hal=C3=A1sz?= Date: Sat, 15 Dec 2018 23:10:17 +0100 Subject: [PATCH] Detach actioncable from the WebsocketServer and run it with the UI --- config/application.rb | 6 ++++-- config/routes.rb | 2 +- lib/websocket_server.rb | 3 --- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/config/application.rb b/config/application.rb index a3b39a30045d..13b22f5b164a 100644 --- a/config/application.rb +++ b/config/application.rb @@ -84,8 +84,10 @@ class Application < Rails::Application # Disable ActionCable's request forgery protection # This is basically matching a set of allowed origins which is not good for us - # Our own origin-host forgery protection is implemented in lib/websocket_server.rb - Rails.application.config.action_cable.disable_request_forgery_protection = true + config.action_cable.disable_request_forgery_protection = false + # Matching the origin against the HOST header is much more convenient + config.action_cable.allow_same_origin_as_host = true + config.action_cable.mount_path = '/ws/notifications' # Customize any additional options below... diff --git a/config/routes.rb b/config/routes.rb index 169057d11f12..ec9f57201e62 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -2,6 +2,6 @@ if Rails.env.development? && defined?(Rails::Server) logger = Logger.new(STDOUT) logger.level = Logger.const_get(::Settings.log.level_websocket.upcase) - mount WebsocketServer.new(:logger => logger) => '/ws' + mount WebsocketServer.new(:logger => logger) => '/ws/console' end end diff --git a/lib/websocket_server.rb b/lib/websocket_server.rb index dc4bb6037a82..646c8478ac28 100644 --- a/lib/websocket_server.rb +++ b/lib/websocket_server.rb @@ -52,9 +52,6 @@ def initialize(options = {}) end def call(env) - # Pass the request to ActionCable if it is for notifications - return ActionCable.server.call(env) if env['REQUEST_URI'].start_with?('/ws/notifications') && ::Settings.server.asynchronous_notifications - exp = %r{^/ws/console/([a-zA-Z0-9]+)/?$}.match(env['REQUEST_URI']) if WebSocket::Driver.websocket?(env) && same_origin_as_host?(env) && exp.present? @logger.info("Remote console connection initiated with secret #{exp[1]}")