Ivan Kozlovic da91b06218 [FIXED] Websocket: Origin should be checked only if present
There are 2 options, same_origin and allowed_origins, that should
apply only to web browsers that set the Origin HTTP header. If
the header is not present, the server should not fail direct
clients using websocket protocol, or leafnodes.

From spec:
https://datatracker.ietf.org/doc/html/rfc6455#section-1.6

   The WebSocket Protocol uses the origin model used by web browsers to
   restrict which web pages can contact a WebSocket server when the
   WebSocket Protocol is used from a web page.  Naturally, when the
   WebSocket Protocol is used by a dedicated client directly (i.e., not
   from a web page through a web browser), the origin model is not
   useful, as the client can provide any arbitrary origin string.

Resolves #2207

Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
2021-05-11 18:37:16 -06:00
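
The behaviour the commit message describes, as an added Go example that is not taken from the nats-server code: the `originPolicy` type, its fields, the `upgradeRequest` helper and the sample hosts are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// originPolicy models same_origin and allowed_origins (hypothetical names, not the server's own types).
type originPolicy struct {
	sameOrigin bool
	allowed    map[string]bool // keys: lowercase "scheme://host[:port]"
}

// check validates Origin only when present: dedicated clients and leafnodes
// omit it, and RFC 6455 section 1.6 notes they could send any string anyway.
func (p originPolicy) check(r *http.Request) error {
	origin := r.Header.Get("Origin")
	if origin == "" {
		return nil
	}
	u, err := url.Parse(origin)
	if err != nil || u.Host == "" {
		return errors.New("malformed origin header")
	}
	// Simplified: compares host[:port] as written, with no default-port normalization.
	if p.sameOrigin && !strings.EqualFold(u.Host, r.Host) {
		return errors.New("origin does not match host")
	}
	if len(p.allowed) > 0 && !p.allowed[strings.ToLower(u.Scheme+"://"+u.Host)] {
		return errors.New("origin not in allowed list")
	}
	return nil
}

// upgradeRequest builds a constructed handshake request; an empty origin means no Origin header.
func upgradeRequest(host, origin string) *http.Request {
	r := &http.Request{Host: host, Header: http.Header{}}
	if origin != "" {
		r.Header.Set("Origin", origin)
	}
	return r
}

func main() {
	p := originPolicy{sameOrigin: true}
	fmt.Println(p.check(upgradeRequest("nats.example:8080", "")), p.check(upgradeRequest("nats.example:8080", "https://other.example")))
}
```

Because a non-browser client can omit or forge Origin, these options restrict which web pages may connect and do not replace client authentication.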

NATS is a simple, secure and performant communications system for digital systems, services and devices. NATS is part of the Cloud Native Computing Foundation (CNCF). NATS has over 40 client language implementations, and its server can run on-premise, in the cloud, at the edge, and even on a Raspberry Pi. NATS can secure and simplify design and operation of modern distributed systems.

Documentation

Contact

  • Twitter: Follow us on Twitter!
  • Google Groups: Where you can ask questions
  • Slack: Click here to join. You can ask questions of our maintainers and the rich and active community.

Contributing

If you are interested in contributing to NATS, read about our...

Security

Security Audit

A third-party security audit was performed by Cure53; you can see the full report here.

Reporting Security Vulnerabilities

If you've found a vulnerability or a potential vulnerability in the NATS server, please let us know at nats-security.

License

Unless otherwise noted, the NATS source files are distributed under the Apache Version 2.0 license found in the LICENSE file.

Languages
Go 99.6%
Shell 0.4%