2.x and 1.x compatibility #3007
Comments
|
+1 |
|
Is there no way the 2.x client/server can detect they are connected to a 1.x server/client and use the old protocol? I'm in this same boat; I have thousands of clients connecting to my socket.io server, and they're all 1.x, so there's no easy way for me to upgrade to 2.x. I could perhaps spin up a second socket.io server on a different hostname and have my old clients connect to the old one and my new clients connect to my new one, but that sounds like a lot of work for something that should be handled by the library. :P |
|
It does worry me that no one cares to comment. I realise that people might think there is some sort of liability associated, but a "sounds right, but can't commit" would be good. In my case I went ahead and there were no problems, so I would imagine the only way to find out is to test it yourself. In my case everything worked fine, but it would make me sleep better at night if someone dared to answer my original question. |
|
It's becoming a more pressing problem, too, as the highest socket 1.x
depends on libraries that are being tagged by nsp as having security
vulnerabilites.
…On Oct 14, 2017 14:02, "niallel" ***@***.***> wrote:
It does worry me that no one cares to comment. I realise that people might
think there is some sort of liability associated, but a "sounds right, but
can't commit" would be good.
In my case I went ahead and there were no problems, so I would imagine the
only way to find out is to test it yourself. In my case everything worked
fine, but it would make me sleep better at night if someone dared to answer
my original question.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#3007 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABsF-zaEUlaF5op3yyIaVKD2jm0Hx2V7ks5ssPctgaJpZM4OZHX0>
.
|
|
Hi guys, |
|
@IlyaDiallo please see the release note: https://github.com/socketio/socket.io/releases/tag/2.0.0 The release note contains the following breaking changes:
As described in the pull request, strings were utf8-encoded twice when using So, unless you only use
Example: let client = io();
let adminClient = io('/admin');
client.on('connect', () => console.log(this.id)); // 6em3d4TJP8Et9EMNAAAA
adminClient.on('connect', () => console.log(this.id)); // /admin#6em3d4TJP8Et9EMNAAAA
// 1.x
adminClient.on('connect', () => console.log(this.id)); // 6em3d4TJP8Et9EMNAAAA |
|
Thats great, confirms what I had tested. |
|
@darrachequesne I've read the release notes. They're not giving explicitly the informations that you are giving here, i.e. it only (partly) breaks polling transport, so you can mix 1.x and 2.0 versions with websocket transport (which is the protocol used in the vast majority of cases). I'd say that's important enough to be mentioned in the release notes.
So that's correct, it only affects non-default namespaces ? And in that case, what are the symptoms ? |
|
@IlyaDiallo It sounds like the namespace is now incorporated into the client socket's |
|
@jwalton a you sure ? If it's only that (i.e. id is not used internally), that seems like a pretty weak incompatibility. More like "compatible with caveat" than a blunt "not compatible" statement. |
|
@jwalton I've seen the PR but I'm not familiar with the internals of socket.io, so I can't easily translate it to a yes/no response to the question "is the change affecting socket.io internally or is it only affecting users relying on the id being equal or not". And NB it's also related to #959 #2405 and #2509. |
|
I too am unfamiliar with the code, so take my assertions with an appropriate grain of salt. :) But AFAIK, yes, it's just that the ID changed. The half of it with the polling transport is much more worrisome. |
Depends. The default behavior of the client is to switch to websocket if available, and it should be available in nearly all cases. Maybe you could check that server side by tracking the clients that are actually using polling ? |
|
@IlyaDiallo fair enough, the documentation could be improved!
Yes, only non-default namespaces, for which the socket id is now |
|
@darrachequesne thanks for the confirmation. So that incompatibility only affects the (small ?) subset of users using non-default namespaces + using connection |
|
Hi there, is there any response to @IlyaDiallo question? Seem like very rational backward compatibility solution especially when there is no an easy way to update all clients. |
The realtime is expected to continue to work as before. While being a major version upgrade to a breaking change [0][1], not a lot of trouble is expected from this contribution. Even if our server still uses socket.io ^1, the TestManagement plugin is using socket.io-client ^2 since a while without particular issues. [0] https://github.com/socketio/socket.io/releases/tag/2.0.0 [1] socketio/socket.io#3007 (comment) Change-Id: Ic7f3fd4f9acacfc3fd5ddd48c82523f73f6495c6
Version 2.x is not backwards compatible with 1.x.
However, according to [0], [1] and [2], it seems that the biggest concern is
when mixing different server and client versions, and this is not Etherpad's
case.
Smoke tested (successfully) on Firefox 61, Chromium 68.
npm audit before this change:
found 12 vulnerabilities (9 low, 3 high) in 8205 scanned packages
11 vulnerabilities require semver-major dependency updates.
1 vulnerability requires manual review. See the full report for details.
npm audit after this change:
found 1 low severity vulnerability in 8196 scanned packages
1 vulnerability requires manual review. See the full report for details.
Fixes #3462
[0] https://socket.io/blog/socket-io-2-0-0/
[1] socketio/socket.io#3007 (comment)
[2] Enalean/tuleap@a0d7a79
|
we have implemented this at opensooq and the solution is open-sourced here https://github.com/OpenSooq/socketio_repeater/ read our blog post |
|
Even after having upgraded my server to v2, although the majority of my clients are also on v2, there are still several who are running v1. I've identified that those clients always seem to be in polling mode and never switch to WebSocket mode, which is causing a lot of unnecessary traffic on my server. My workaround was to change the socket.io |
I know its not recommended, but it seems to work for the situation I'm in.
I'm using it with Cordova in an app, so I can't just upgrade the server as many clients will be on 1.x.
However I did a test with the client on 2.0.3 and the server on 1.7.4 and all worked.
Are there examples of what would work and what wouldn't. For example if I'm just using very basic ascii characters will it all work?
I've spent the day testing with my apps setup.
Everything has worked, 1.4.5 <--> 2.0.3 (client and server both ways).
When I read the notes for the utf encoding problem I see that it only mentions if you are using polling.
So I imagine if you are using web sockets then it works fine (seems to).
Is this correct, or am I missing something that could break it?
With the other issue #1058, it mentions if you are using the non-default namespace.
So again I imagine if you are using the default namespace it works fine (again seems to).
Is this correct as well?
Would someone be able to confirm if there are any other reasons why there would be problems.
thanks,
The text was updated successfully, but these errors were encountered: