Skip to content

Commit 13e69dd

Browse files
fix(eio): prevent WebTransport connections when a middleware is registered
1 parent b785377 commit 13e69dd

File tree

2 files changed

+31
-0
lines changed

2 files changed

+31
-0
lines changed

packages/engine.io/lib/server.ts

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -529,6 +529,13 @@ export abstract class BaseServer extends EventEmitter {
529529
}
530530

531531
public async onWebTransportSession(session: any) {
532+
if (this.middlewares.length > 0) {
533+
// middlewares expect an IncomingMessage argument, which cannot be created from the WebTransport session object
534+
// see also: https://github.com/fails-components/webtransport/issues/448
535+
debug("closing session since WebTransport is not compatible with middlewares");
536+
return session.close();
537+
}
538+
532539
const timeout = setTimeout(() => {
533540
debug(
534541
"the client failed to establish a bidirectional stream in the given period",

packages/engine.io/test/webtransport.mjs

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -392,6 +392,30 @@ describe("WebTransport", () => {
392392
);
393393
});
394394

395+
it("should refuse the connection when a middleware is registered", (done) => {
396+
setupServer({}, async ({ engine, h3Server, certificate }) => {
397+
engine.use((req, res, next) => {
398+
next(new Error("thou shall not pass"));
399+
});
400+
401+
const client = new WebTransport(
402+
`https://127.0.0.1:${h3Server.port}/engine.io/`,
403+
{
404+
serverCertificateHashes: [
405+
{
406+
algorithm: "sha-256",
407+
value: certificate.hash,
408+
},
409+
],
410+
},
411+
);
412+
413+
await client.closed;
414+
415+
success(engine, h3Server, done);
416+
});
417+
});
418+
395419
it("should send ping/pong packets", (done) => {
396420
setup(
397421
{

0 commit comments

Comments
 (0)