vrr/Ruview
2
0
Fork 0
mirror of https://github.com/ruvnet/RuView.git synced 2026-04-28 05:59:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

security: Fix insecure WebSocket connections

Browse source 
- Use wss:// in production and non-localhost environments
- Only allow ws:// for localhost development
- Improve WebSocket security configuration
This commit is contained in:
fr4iser 2026-02-28 20:40:19 +01:00
parent 896c4fc520
commit ac094d4a97
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
ui/config/api.config.js
View file

@ -107,7 +107,11 @@ export function buildApiUrl(endpoint, params = {}) {
// Helper function to build WebSocket URLs
export function buildWsUrl(endpoint, params = {}) {
const protocol = window.location.protocol === 'https:'
// Always use secure WebSocket (wss://) in production or when using HTTPS
// Use ws:// only for localhost development
const isLocalhost = window.location.hostname === 'localhost' || window.location.hostname === '127.0.0.1';
const isProduction = window.location.protocol === 'https:' || process.env.NODE_ENV === 'production';
const protocol = (isProduction || !isLocalhost)
? API_CONFIG.WSS_PREFIX
: API_CONFIG.WS_PREFIX;