Merge pull request #501 from PrivPreMiD/fix-all-origins-vuln

[Stable/Urgent] Fix socketio server being able to be accessed by any website
2026-04-05 20:31:58 +02:00 · 2020-09-29 01:19:06 +02:00
parent 9f43b3d9e1 8de108548c
commit a916982107
1 changed files with 4 additions and 0 deletions
--- a/src/managers/socketManager.ts
+++ b/src/managers/socketManager.ts
@@ -26,6 +26,10 @@ export function init() {
 		//* If someone connects to socket socketConnection
 		server = createServer();
 		io = socketIo(server, { serveClient: false });
+		io.origins((o, c) => {
+			if (o !== '*') c('Not a chrome extension, socket denied.', false);
+			c(null, true);
+		});
 		server.listen(3020, () => {
 			//* Resolve promise
 			//* Debug info