security: Fix insecure WebSocket connections

- Use wss:// in production and non-localhost environments
- Only allow ws:// for localhost development
- Improve WebSocket security configuration
fr4iser
2026-02-28 20:40:19 +01:00
parent 896c4fc520
commit ac094d4a97


@@ -107,7 +107,11 @@ export function buildApiUrl(endpoint, params = {}) {
// Helper function to build WebSocket URLs
export function buildWsUrl(endpoint, params = {}) {
const protocol = window.location.protocol === 'https:'
// Always use secure WebSocket (wss://) in production or when using HTTPS
// Use ws:// only for localhost development
const isLocalhost = window.location.hostname === 'localhost' || window.location.hostname === '127.0.0.1';
const isProduction = window.location.protocol === 'https:' || process.env.NODE_ENV === 'production';
const protocol = (isProduction || !isLocalhost)
? API_CONFIG.WSS_PREFIX
: API_CONFIG.WS_PREFIX;
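Review bot: The bare `process.env.NODE_ENV` reference in the `isProduction` line is evaluated whenever the page is served over http:, and in a browser it throws a ReferenceError unless the bundler substitutes it at build time, which is not visible from this hunk. Confirm the build defines it, or use the bundler's own mode flag, so that buildWsUrl cannot fail on exactly the path where the ws:// decision is made. The scheme is also chosen from the page's `window.location.hostname` rather than from the host the socket connects to; if the URL assembled later in buildWsUrl (outside this hunk) can point at a remote host while the page is on localhost, that connection would still go out as cleartext ws://, so the check is better made against the target host. The loopback test also omits `[::1]`, which only forces wss:// during IPv6 loopback development and does not weaken anything.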