Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update cors.md to allow CORS for websockets #816

Merged
merged 2 commits into from
Aug 7, 2019
Merged

Update cors.md to allow CORS for websockets #816

merged 2 commits into from
Aug 7, 2019

Conversation

nii236
Copy link
Contributor

@nii236 nii236 commented Aug 5, 2019

The cors.md file did not cover websockets in particular. I have updated the example in the cors.md file to show how this is done.

@coveralls
Copy link

coveralls commented Aug 5, 2019

Coverage Status

Coverage remained the same at 61.677% when pulling 297e09c on nii236:patch-1 into 373359d on 99designs:master.

upgrader := websocket.Upgrader{
CheckOrigin: func(r *http.Request) bool {
// Check against your desired domains here
return true
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

probably should read something like:

   return r.Host == "example.org"

defaulting to true is a huge security hole, as it allows any domain to open websockets to your graph.

@nii236
Copy link
Contributor Author

nii236 commented Aug 7, 2019

No worries @vektah, I've changed it.

@vektah vektah merged commit 8f0d9b4 into 99designs:master Aug 7, 2019
@nii236 nii236 deleted the patch-1 branch August 7, 2019 08:02
@vektah vektah added the v0.9.2 label Aug 8, 2019
cgxxv pushed a commit to cgxxv/gqlgen that referenced this pull request Mar 25, 2022
Update cors.md to allow CORS for websockets
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants