NeoAnd/evolution-api
1
0
Fork 0
mirror of https://github.com/EvolutionAPI/evolution-api.git synced 2025-08-28 10:16:11 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1802 from frieck/main
Some checks failed
Build Docker image / Build and Deploy (push) Has been cancelled
Details

Browse Source 
Securing websockets
This commit is contained in:
Davidson Gomes 2025-08-04 19:18:30 -03:00 committed by GitHub
commit a8343a8739
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/api/integrations/event/websocket/websocket.controller.ts
View File

@ -30,8 +30,12 @@ export class WebsocketController extends EventController implements EventControl
const url = new URL(req.url || '', 'http://localhost');
const params = new URLSearchParams(url.search);
const { remoteAddress } = req.socket;
const isLocalhost =
remoteAddress === '127.0.0.1' || remoteAddress === '::1' || remoteAddress === '::ffff:127.0.0.1';
// Permite conexões internas do Socket.IO (EIO=4 é o Engine.IO v4)
if (params.has('EIO')) {
if (params.has('EIO') && isLocalhost) {
return callback(null, true);
}