[fix] Include the protocol in the origins check (#3198)

Previously, the protocol was not taken in account, which caused the following behaviour: ```js io.origins('https://foo.example.com:443'); // ok as a string io.origins(['https://foo.example.com:443'); // not ok as an array ``` Fixes #3190
socketio · Mar 10, 2018 · 1f1d64b · 1f1d64b
1 parent f4fc517
commit 1f1d64b
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 3 deletions.
diff --git a/docs/API.md b/docs/API.md
@@ -225,13 +225,13 @@ io.adapter(redis({ host: 'localhost', port: 6379 }));
 
 #### server.origins([value])
 
-  - `value` _(String)_
+  - `value` _(String|String[])_
   - **Returns** `Server|String`
 
 Sets the allowed origins `value`. Defaults to any origins being allowed. If no arguments are supplied this method returns the current value.
 
 ```js
-io.origins(['foo.example.com:443']);
+io.origins(['https://foo.example.com:443']);
 ```
 
 #### server.origins(fn)

diff --git a/lib/index.js b/lib/index.js
@@ -80,9 +80,11 @@ Server.prototype.checkRequest = function(req, fn) {
         ? parts.port
         : defaultPort;
       var ok =
+        ~this._origins.indexOf(parts.protocol + '//' + parts.hostname + ':' + parts.port) ||
         ~this._origins.indexOf(parts.hostname + ':' + parts.port) ||
         ~this._origins.indexOf(parts.hostname + ':*') ||
         ~this._origins.indexOf('*:' + parts.port);
+      debug('origin %s is %svalid', origin, !!ok ? '' : 'not ');
       return fn(null, !!ok);
     } catch (ex) {
     }
@@ -241,7 +243,7 @@ Server.prototype.adapter = function(v){
 /**
  * Sets the allowed origins for requests.
  *
- * @param {String} v origins
+ * @param {String|String[]} v origins
  * @return {Server|Adapter} self when setting or value when getting
  * @api public
  */

diff --git a/test/socket.io.js b/test/socket.io.js
@@ -354,6 +354,17 @@ describe('socket.io', function(){
           done();
         });
     });
+
+    it('should allow request when using an array of origins', function(done) {
+      io({ origins: [ 'http://foo.example:54024' ] }).listen('54024');
+      request.get('http://localhost:54024/socket.io/default/')
+        .set('origin', 'http://foo.example:54024')
+        .query({ transport: 'polling' })
+        .end(function (err, res) {
+          expect(res.status).to.be(200);
+          done();
+        });
+    });
   });
 
   describe('close', function(){