paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-04 22:13:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

socket: Explain why we disable some transports

Browse Source 
(imported from commit 670d2f558a11a6f4fcce3f2e107582c4425b9285)
This commit is contained in:
Zev Benjamin
2013-11-25 11:50:11 -05:00
parent baf2b5a275
commit bc43981ccf
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
zerver/lib/socket.py
View File

@@ -254,6 +254,9 @@ def respond_send_message(data):
remote_ip=connection.session.conn_info.ip,
email=connection.session.user_profile.email, client_name='?')
# We disable the eventsource and htmlfile transports because they cannot
# securely send us the zulip.com cookie, which we use as part of our
# authentication scheme.
sockjs_router = sockjs.tornado.SockJSRouter(SocketConnection, "/sockjs",
{'sockjs_url': 'https://%s/static/third/sockjs/sockjs-0.3.4.js' % (settings.EXTERNAL_HOST,),
'disabled_transports': ['eventsource', 'htmlfile']})