Realtime application framework (Node.JS server)
MIT License
Bot releases are hidden (Show)
Published by darrachequesne about 3 years ago
~5.2.0
~7.4.2
Published by darrachequesne about 3 years ago
~5.1.0
~7.4.2
Published by darrachequesne over 3 years ago
~5.1.0
~7.4.2
Published by darrachequesne over 3 years ago
~5.1.0
~7.4.2
Published by darrachequesne over 3 years ago
Blog post: https://socket.io/blog/socket-io-4-1-0/
engine.io
)engine.io
)~5.1.0
~7.4.2
Published by darrachequesne over 3 years ago
~5.0.0
~7.4.2
Published by darrachequesne over 3 years ago
Published by darrachequesne over 3 years ago
Blog post: https://socket.io/blog/socket-io-4-release/
Migration guide: https://socket.io/docs/v3/migrating-from-3-x-to-4-0/
io.to(...)
now returns an immutable operatorPreviously, broadcasting to a given room (by calling io.to()
) would mutate the io instance, which could lead to surprising behaviors, like:
io.to("room1");
io.to("room2").emit(/* ... */); // also sent to room1
// or with async/await
io.to("room3").emit("details", await fetchDetails()); // random behavior: maybe in room3, maybe to all clients
Calling io.to()
(or any other broadcast modifier) will now return an immutable instance.
~5.0.0
~7.4.2
Published by darrachequesne over 3 years ago
~4.1.0
~7.4.2
Published by darrachequesne over 3 years ago
~4.1.0
~7.4.2
Published by darrachequesne almost 4 years ago
In order to ease the migration to Socket.IO v3, the v3 server is now able to communicate with v2 clients:
const io = require("socket.io")({
allowEIO3: true // false by default
});
Note: the allowEIO3
refers to the version 3 of the Engine.IO protocol which is used in Socket.IO v2
~4.1.0
~7.4.2
Published by darrachequesne almost 4 years ago
This release reverts the breaking change introduced in 2.4.0
(https://github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7).
If you are using Socket.IO v2, you should explicitly allow/disallow cross-origin requests:
const io = require("socket.io")(httpServer, {
allowRequest: (req, callback) => {
callback(null, req.headers.origin === undefined); // cross-origin requests will not be allowed
}
});
io.origins(["http://localhost:3000"]); // for local development
io.origins(["https://example.com"]);
In any case, please consider upgrading to Socket.IO v3, where this security issue is now fixed (CORS is disabled by default).
~3.5.0
~7.4.2
Published by darrachequesne almost 4 years ago
~4.0.6
~7.4.2
Published by darrachequesne almost 4 years ago
Related blog post: https://socket.io/blog/socket-io-2-4-0/
⚠️ BREAKING CHANGE ⚠️
Previously, CORS was enabled by default, which meant that a Socket.IO server sent the necessary CORS headers (Access-Control-Allow-xxx
) to any domain. This will not be the case anymore, and you now have to explicitly enable it.
Please note that you are not impacted if:
origins
option to restrict the list of allowed domainsThis commit also removes the support for '*' matchers and protocol-less URL:
io.origins('https://example.com:443'); => io.origins(['https://example.com']);
io.origins('localhost:3000'); => io.origins(['http://localhost:3000']);
io.origins('http://localhost:*'); => io.origins(['http://localhost:3000']);
io.origins('*:3000'); => io.origins(['http://localhost:3000']);
To restore the previous behavior (please use with caution):
io.origins((_, callback) => {
callback(null, true);
});
See also:
Thanks a lot to @ni8walk3r for the security report.
~3.5.0
~7.4.2
Published by darrachequesne almost 4 years ago
~4.0.0
^7.1.2
Published by darrachequesne almost 4 years ago
~4.0.0
^7.1.2
Published by darrachequesne almost 4 years ago
~4.0.0
^7.1.2
Published by darrachequesne almost 4 years ago
~4.0.0
^7.1.2
Published by darrachequesne almost 4 years ago
More details about this release in the blog post: https://socket.io/blog/socket-io-3-release/
Dedicated migration guide: https://socket.io/docs/migrating-from-2-x-to-3-0/
the Socket#use() method is removed (see 5c73733)
Socket#join() and Socket#leave() do not accept a callback argument anymore.
Before:
socket.join("room1", () => {
io.to("room1").emit("hello");
});
After:
socket.join("room1");
io.to("room1").emit("hello");
// or await socket.join("room1"); for custom adapters
Before:
new Server(3000, {
origins: ["https://example.com"]
});
The 'origins' option was used in the allowRequest method, in order to
determine whether the request should pass or not. And the Engine.IO
server would implicitly add the necessary Access-Control-Allow-xxx
headers.
After:
new Server(3000, {
cors: {
origin: "https://example.com",
methods: ["GET", "POST"],
allowedHeaders: ["content-type"]
}
});
The already existing 'allowRequest' option can be used for validation:
new Server(3000, {
allowRequest: (req, callback) => {
callback(null, req.headers.referer.startsWith("https://example.com"));
}
});
Socket#rooms is now a Set instead of an object
Namespace#connected is now a Map instead of an object
there is no more implicit connection to the default namespace:
// client-side
const socket = io("/admin");
// server-side
io.on("connect", socket => {
// not triggered anymore
})
io.use((socket, next) => {
// not triggered anymore
});
io.of("/admin").use((socket, next) => {
// triggered
});
This method was kept for backward-compatibility with pre-1.0 versions.
~4.0.0
^7.1.2
Published by darrachequesne almost 4 years ago
~4.0.0
^7.1.2