braid-http 1.3.101 → 1.3.103
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +0 -17
- package/braid-http-server.js +9 -2
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -385,23 +385,6 @@ var braidify = require('braid-http').http-server
|
|
|
385
385
|
nbraidify.enable_multiplex = true // or false
|
|
386
386
|
```
|
|
387
387
|
|
|
388
|
-
### How CORS works with Multiplexing
|
|
389
|
-
|
|
390
|
-
When multiplexing is enabled, the library presents the illusion that
|
|
391
|
-
everything is normal HTTP. Behind the scenes, a request/response pair is
|
|
392
|
-
made to `.well-known/multiplexer/<id>` to establish the multiplexer
|
|
393
|
-
channel — CORS is opened on this request. However, this request is hidden
|
|
394
|
-
from client code (it happens inside `braid_fetch`) and the response is
|
|
395
|
-
hidden from server code (it happens inside `braidify`).
|
|
396
|
-
|
|
397
|
-
One might worry that a cross-origin GET without proper CORS could trick the
|
|
398
|
-
server into piping its response through the multiplexer channel — and since
|
|
399
|
-
CORS is opened on the multiplexer channel, the client could read data it
|
|
400
|
-
shouldn't have access to. This doesn't happen, because the browser sends a
|
|
401
|
-
preflight OPTIONS request before the actual GET. If the server doesn't
|
|
402
|
-
return the proper CORS headers for that OPTIONS request, the browser never
|
|
403
|
-
sends the GET, and no data flows through the multiplexer channel.
|
|
404
|
-
|
|
405
388
|
## Testing
|
|
406
389
|
|
|
407
390
|
Run all tests from the command line:
|
package/braid-http-server.js
CHANGED
|
@@ -289,8 +289,15 @@ function braidify (req, res, next) {
|
|
|
289
289
|
|
|
290
290
|
// Parse the subscribe header
|
|
291
291
|
var subscribe = req.headers.subscribe
|
|
292
|
-
|
|
293
|
-
|
|
292
|
+
// If the subscribe header exists...
|
|
293
|
+
if ((subscribe === '' || subscribe)
|
|
294
|
+
// And this is a GET, because `Subscribe:` is only
|
|
295
|
+
// specified for GET thus far...
|
|
296
|
+
&& req.method === 'GET')
|
|
297
|
+
// Then let's set 'subscribe' on. We default to "true", but if the
|
|
298
|
+
// client actually specified a value other than empty string '', let's
|
|
299
|
+
// use that rich value.
|
|
300
|
+
subscribe = subscribe || true
|
|
294
301
|
|
|
295
302
|
// Define convenience variables
|
|
296
303
|
req.version = version
|