vrr/Pulse
2
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-05-07 08:57:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
4826 commits 5 branches 432 tags 273 MiB
Commit graph

4 commits

Author SHA1 Message Date
rcourtman
778a2577b6 feat: Pulse v6 release 2026-03-18 16:06:30 +00:00
rcourtman
a9ed380718 fix(websocket): respect X-Forwarded headers in same-origin check 
- Use X-Forwarded-Proto/X-Forwarded-Scheme for scheme detection
- Use X-Forwarded-Host for host matching behind reverse proxies
- Update tests with remoteAddr for CSWSH protection validation
 2026-02-03 21:45:39 +00:00
rcourtman
b2659ef6a8 Add unit tests for websocket Hub.checkOrigin function 
Test coverage for CORS origin validation including:
- No origin header (non-browser clients)
- Same-origin requests with/without proxy headers
- Wildcard and explicit allowed origins
- Private network fallback (192.168.x, 10.x, localhost, .local, .lan)
- Public IP/domain rejection
- X-Forwarded-Proto/Host/Scheme header handling
- WebSocket protocol normalization (ws->http, wss->https)

Coverage: 37.3% → 48.6%
 2025-12-01 09:33:40 +00:00
rcourtman
27b1188368 Add unit tests for websocket utility functions 
Test coverage for pure utility functions:
- isValidPrivateOrigin: validates private network origins (security)
- normalizeForwardedProto: normalizes ws/wss to http/https for proxies
- sanitizeValue: handles NaN/Inf values in JSON data
- cloneMetadata/cloneMetadataValue: deep copies metadata maps/slices
- cloneAlert/cloneAlertData: deep copies alert structures

Coverage increased from 20.9% to 37.3% (80 test cases).
 2025-11-30 00:34:38 +00:00