Skip to content

Commit

Permalink
fix(eio): prevent the client from upgrading twice (uws)
Browse files Browse the repository at this point in the history
Related: #5066
  • Loading branch information
darrachequesne committed Sep 19, 2024
1 parent da61381 commit d5095fe
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 3 deletions.
6 changes: 3 additions & 3 deletions packages/engine.io/lib/userver.ts
Original file line number Diff line number Diff line change
Expand Up @@ -185,13 +185,13 @@ export class uServer extends BaseServer {
const client = this.clients[id];
if (!client) {
debug("upgrade attempt for closed client");
res.close();
return res.close();
} else if (client.upgrading) {
debug("transport has already been trying to upgrade");
res.close();
return res.close();
} else if (client.upgraded) {
debug("transport had already been upgraded");
res.close();
return res.close();
} else {
debug("upgrading existing transport");
transport = this.createTransport(req._query.transport, req);
Expand Down
20 changes: 20 additions & 0 deletions packages/engine.io/test/server.js
Original file line number Diff line number Diff line change
Expand Up @@ -205,6 +205,26 @@ describe("server", () => {
});
});

it("should prevent the client from upgrading twice", (done) => {
engine = listen((port) => {
const client = new ClientSocket(`ws://localhost:${port}`);

client.on("upgrade", () => {
const socket = new WebSocket(
`ws://localhost:${port}/engine.io/?EIO=4&transport=websocket&sid=${client.id}`,
);

socket.on("error", () => {});

socket.on("close", () => {
client.close();

done();
});
});
});
});

it("should disallow `__proto__` as transport (polling)", (done) => {
const partialDone = createPartialDone(done, 2);

Expand Down

0 comments on commit d5095fe

Please sign in to comment.