Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 7 commits
- 7 files changed
- 2 contributors
Commits on Jun 6, 2022
-
feat: decrease the default value of maxHttpBufferSize
This change reduces the default value from 100 mb to a more sane 1 mb. This helps protect the server against denial of service attacks by malicious clients sending huge amounts of data. Backported from 734f9d1
-
fix: add extension in the package.json main entry (#608)
The `main` entry for the `package.json` file is for defining the entry point. The entry is currently missing the required `.js` extension, this PR brings it back. Backported from 17b8c2f
-
fix: do not reset the ping timer after upgrade
There was two issues with this behavior: - v3 clients (with allowEIO3: true) were also receiving a "ping" after a successful upgrade, which is incorrect (in v3, it's the client that sends the "ping", and the server answers with a "pong") - the ping timer is not reset after upgrade on the client-side, so an upgrade which took longer than the `pingTimeout` duration could lead to a "ping timeout" error on the client-side I think the latter issue is present since the initial implementation. Related: socketio/socket.io-client-swift#1309 (comment) Backported from ff2b8ab
-
feat: increase the default value of pingTimeout
This value was updated from 60000 to 5000 in [1], included in `[email protected]` (Feb 2018). The reasoning back then: Some users experienced long delays between disconnection on the server-side and on the client-side. The "disconnect" event would take a long time to fire in the browser, probably due to a timer being delayed. Hence the change. That being said, the current value (5s) now causes unexpected disconnections when a big payload is sent over a slow network, because it prevents the ping-pong packets from being exchanged between the client and the server. This can also happen when a synchronous task blocks the server for more than 5 seconds. The new value (20s) thus seems like a good balance between quick disconnection detection and tolerance to various delays. Note: pingInterval + pingTimeout is still below the threshold of React Native, which complains if a timer is set with a delay of more than 1 minute. [1]: 65b1ad1 Related: - socketio/socket.io#2770 - socketio/socket.io#2769 - socketio/socket.io#3054 - socketio/socket.io#3376 Backported from 5a7fa13
Commits on Nov 20, 2022
-
fix: catch errors when destroying invalid upgrades
Before this change, receiving an HTTP2 upgrade would make the server crash: > Error: read ECONNRESET > at TCP.onStreamRead (node:internal/stream_base_commons:217:20) { > errno: -104, > code: 'ECONNRESET', > syscall: 'read' > } This can be reproduced with Node.js v14.15.3, v16.18.1 and v18.12.1. Backported from 425e833
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff 3.5.0...3.6.1