Skip to content

Commit de11e6f

Browse files
DavidsonGomesDavidsonGomes
committed
fix(websocket): improve host validation logic in WebsocketController
1 parent 26e7eef commit de11e6f

File tree

2 files changed

+6
-10
lines changed

2 files changed

+6
-10
lines changed

package-lock.json

Lines changed: 0 additions & 6 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

src/api/integrations/event/websocket/websocket.controller.ts

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -34,10 +34,12 @@ export class WebsocketController extends EventController implements EventControl
3434
const websocketConfig = configService.get<Websocket>('WEBSOCKET');
3535
const allowedHosts = websocketConfig.ALLOWED_HOSTS || '127.0.0.1,::1,::ffff:127.0.0.1';
3636
const allowAllHosts = allowedHosts.trim() === '*';
37-
const isAllowedHost = allowAllHosts || allowedHosts
38-
.split(',')
39-
.map((h) => h.trim())
40-
.includes(remoteAddress);
37+
const isAllowedHost =
38+
allowAllHosts ||
39+
allowedHosts
40+
.split(',')
41+
.map((h) => h.trim())
42+
.includes(remoteAddress);
4143

4244
if (params.has('EIO') && isAllowedHost) {
4345
return callback(null, true);

0 commit comments

Comments
 (0)