stable
Clone or download
Read-only
request #14967: Do not set "io" cookie when starting a communication with the realtime server
This cookie sets by the realtime does not any secure or same-site attribute. Modern browsers complains (rightfully) about it. This cookie is only used for sticky session which we do not need. This contribution tells to socket.io to not set it. The change can be easily tested with curl, the response to beginning the discussion with the RT server should not contain a Set-Cookie header: > curl -v https://rt.example.com/socket.io/?transport=polling -o /dev/null Change-Id: I326bf702c37977073079f48596403728abbc0d5c
Modified Files
Name | ||||
---|---|---|---|---|
M | server.js | +1 | −1 | Go to diff View file |