Commit Graph

30 Commits

Author SHA1 Message Date
Vipul A M
7e7d6ccf34
Changelog edits 2016-11-12 13:14:49 -05:00
Matthew Draper
dae4044734 Permit same-origin connections by default
WebSocket always defers the decision to the server, because it didn't
have to deal with legacy compatibility... but the same-origin policy is
still a reasonable default.

Origin checks do not protect against a directly connecting attacker --
they can lie about their host, but can also lie about their origin.
Origin checks protect against a connection from 3rd-party controlled
script in a context where a victim browser's cookies will be passed
along. And if an attacker has breached that protection, they've already
compromised the HTTP session, so treating the WebSocket connection in
the same way seems reasonable.

In case this logic proves incorrect (or anyone just wants to be more
paranoid), we retain a config option to disable it.
2016-10-11 12:51:10 +10:30
Matthew Draper
9588a3d66d Merge pull request #26547 from palkan/fix/actioncable-confirmation-race-condition
Avoid race condition on subscription confirmation
2016-10-01 15:18:39 +09:30
Matthew Draper
5d92089bca Buffer writes to the cable sockets
Otherwise, they can sometimes block, leading to reduced system
throughput.
2016-09-28 06:44:23 +09:30
Vipul A M
8b984161d6
Pass over changelogs [ci skip] 2016-08-10 09:33:13 +05:30
Matthew Draper
48e8056d4f Correct changelog layout
[ci skip]
2016-07-09 03:17:51 +09:30
Matthew Draper
e995611155 Insert changelog entry for #25615 2016-07-09 02:56:03 +09:30
Matthew Draper
92421ee2d2 Merge pull request #25624 from tinco/actioncable_write_race
Fix race condition in websocket stream write
2016-07-09 02:44:15 +09:30
Matthew Wear
f3ba0c1dd3 Add ActiveSupport::Notifications hook to Broadcaster#broadcast
This addition of this notification hook will give users better visibility
into the messages being sent over the PubSub adapter.
2016-05-12 10:56:35 -07:00
Rafael Mendonça França
8ecc5ab1d8 Start Rails 5.1 development 🎉 2016-05-10 03:46:56 -03:00
Rafael Mendonça França
fbdcf5221a Preparing for 5.0.0.rc1 release 2016-05-06 16:54:40 -05:00
eileencodes
f7a986012a Prep Rails 5 beta 4 2016-04-27 15:48:47 -05:00
Jeremy Daer
fa3537506a Merge pull request #24224 from danielrhodes/actioncable-websocket-protocols
ActionCable protocol negotiation
2016-04-05 09:26:11 -07:00
Jeremy Daer
b168eb5819 Cable message encoding
* Introduce a connection coder responsible for encoding Cable messages
  as WebSocket messages, defaulting to `ActiveSupport::JSON` and duck-
  typing to any object responding to `#encode` and `#decode`.
* Consolidate encoding responsibility to the connection. No longer
  explicitly JSON-encode from channels or other sources. Pass Cable
  messages as Hashes to `#transmit` and rely on it to encode.
* Introduce stream encoders responsible for decoding pubsub messages.
  Preserve the currently raw encoding, but make it easy to use JSON.
  Same duck type as the connection encoder.
* Revert recent data normalization/quoting (#23649) which treated
  `identifier` and `data` values as nested JSON objects rather than as
  opaque JSON-encoded strings. That dealt us an awkward hand where we'd
  decode JSON strings… or not, but always encode as JSON. Embedding
  JSON object values directly is preferably, no extra JSON encoding,
  but that should be a purposeful protocol version change rather than
  ambiguously, inadvertently supporting multiple message formats.
2016-03-31 07:08:16 -07:00
Rafael Mendonça França
0df82a6453 Fix CHANGELOG entry [ci skip] 2016-03-30 00:34:37 -03:00
Matthew Wear
09a1321d5b Add AS::Notifications and LogSubscriber to ActionCable::Channel
This commit adds ActiveSupport::Notifications instrumentation hooks
and a LogSuscriber to ActionCable::Channel::Base.
2016-03-04 14:47:54 -08:00
Jeremy Daer
4f21ac7e9c Fix CHANGELOG spacing [ci skip] 2016-03-02 11:37:19 -07:00
Jon Moss
45635098ac Accept JSON with no backslashes/escaping
Fixes #22675

Allow channel identifiers and also data with no backslahes/escaping to be accepted by
the subscription storer.
2016-03-02 09:01:43 -05:00
Matthew Draper
185c93eb0c Use AS::Executor / AS::Reloader to support reloading in ActionCable 2016-03-02 02:14:20 +10:30
Jay Hayes
bbe59375d0 Update changelog 2016-02-24 17:22:26 -06:00
claudiob
7d46371d89 Add Ruby formatting to CHANGELOG entry
[ci skip]
2016-02-24 08:49:33 -08:00
eileencodes
dbfa8fdfc2 Preparing for 5.0.0.beta3 release
Adds changelog headers for beta3 release
2016-02-24 11:14:40 -05:00
David Heinemeier Hansson
5e5fd246d5 Allow for non-standard redis connectors 2016-02-04 12:10:35 +01:00
Rafael Mendonça França
60b040e362 Add some Action Cable CHANGELOG entries
And improve changelongs.

[ci skip]
2016-02-01 19:57:50 -02:00
Sean Griffin
49f6ce63f3 Preparing for Rails 5.0.0.beta2 2016-02-01 14:37:52 -07:00
Jon Moss
17a631f427 Small doc update per RF [ci skip] 2016-01-20 17:13:43 -05:00
Jon Moss
1600c67ff9 Add CHANGELOG.md entry for #22950
[ci skip]
2016-01-20 17:05:47 -05:00
Genadi Samokovarov
c5b6ec7b0f No more no changes entries in the CHANGELOGs
During the `5.0.0.beta1` release, the CHANGELOGs got an entry like the
following:

```
* No changes.
```

It is kinda confusing as there are indeed changes after it. Not a
biggie, just a small pass over the CHANGELOGs.

[ci skip]
2015-12-21 11:46:38 +02:00
eileencodes
099ddfdefd Add CHANGELOG headers for Rails 5.0.0.beta1 2015-12-18 15:58:25 -05:00
David Heinemeier Hansson
760de782f7 Initial stab at adding Action Cable to rails/master 2015-12-14 16:38:37 +01:00