Socket
Socket
Sign inDemoInstall

faye

Package Overview
Dependencies
5
Maintainers
1
Versions
44
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install
2345Next

1.4.0

Diff

Changelog

Source

1.4.0 / 2020-07-31

  • Implement TLS certificate verification and enable it by default in the Ruby client class Faye::Client
  • Add a :tls option to the Ruby client with sub-field :verify_peer for configuring TLS verification
  • Officially support the tls option in the Node.js client, whose contents are forward to the https and tls modules as appropriate
jcoglan
published 1.3.0 •

Changelog

Source

1.3.0 / 2020-06-08

  • Support user:pass@ authorization in URIs and send Authorization headers from the Node HTTP transport
  • Support IPv6 hostnames in URIs
  • Allow credentials (cookies and Authorization headers) in cross-origin requests, by:
    • setting Access-Control-Allow-Origin to the value of the Origin header (not *)
    • enabling Access-Control-Allow-Credentials
  • Enable credentials when sending cross-origin requests
  • Don't disconnect WebSocket on page unload if autodisconnect is turned off
  • Catch errors when creating a WebSocket, which happens when Content Security Policy blocks it, allowing other transports to be tried
  • Fix a bug in the client where it handles messages from other clients as though they're the server's response to its own messages, based on the id field; now we only treat messages as server responses if they contain successful: true
  • Stop sending an empty message list [] from the WebSocket client as a keep-alive mechanism since CometD does not accept this message
  • Fix deprecation warnings for using the new Buffer() constructor
  • Switch to the Apache 2.0 license
jcoglan
published 1.2.5 •

Changelog

Source

1.2.5 / 2020-04-28

  • Fix /meta/* channel recognition bug in the server that enables authentication bypass
    • https://blog.jcoglan.com/2020/04/28/authentication-bypass-in-faye/
jcoglan
published 1.1.3 •

Changelog

Source

1.1.3 / 2020-04-28

  • Fix /meta/* channel recognition bug in the server that enables authentication bypass
    • https://blog.jcoglan.com/2020/04/28/authentication-bypass-in-faye/
jcoglan
published 1.0.4 •

Changelog

Source

1.0.4 / 2020-04-28

  • Fix /meta/* channel recognition bug in the server that enables authentication bypass
    • https://blog.jcoglan.com/2020/04/28/authentication-bypass-in-faye/
jcoglan
published 1.2.4 •

Changelog

Source

1.2.4 / 2017-01-28

  • Fix RackAdapter#get_client that was failing due to a URI error
  • Define Promise#catch in a safe way for old browsers
  • Log errors in the Node HTTP transport
jcoglan
published 1.2.3 •

Changelog

Source

1.2.3 / 2016-10-11

  • Return an error if the data field is missing on published messages
  • Fix errors that occur in the new websocket util when the browser does not support WebSocket
jcoglan
published 1.2.2 •

Changelog

Source

1.2.2 / 2016-07-18

  • Mitigate the HTTPoxy vulnerability: https://httpoxy.org/
jcoglan
published 1.2.1 •

Changelog

Source

1.2.1 / 2016-06-29

  • Fix a missing variable error in NodeAdapter
jcoglan
published 1.2.0 •

Changelog

Source

1.2.0 / 2016-06-26

  • Add client.subscribe().withChannel() to yield the message channel for wildcard subscriptions
  • Restructure the JavaScript codebase around Node modules (require/exports) rather than globals
  • Update the Promise shim to reflect the standard API, including catch() and all()
  • Support connecting to servers that use SNI in the Ruby client
  • Make the JavaScript client work inside React Native and Web Workers
  • Remove JSON2; you should import a JSON shim yourself if necessary
  • Handle errors that occur when a message is partially delivered via EventSource
  • Reject requests with invalid (non-array or -object) top-level JSON values
  • Make local client requests asynchronous to avoid re-entrant request handling errors
  • Remove Connection: Close from HTTP responses to allow use of keep-alive
  • Use XMLHttpRequest in preference to the ActiveX API in IE10
  • Fix bug where flushing large message batches puts promises in an invalid state
2345Next
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc