-
Notifications
You must be signed in to change notification settings - Fork 329
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow the application to configure Turbo::StreamChannel’s inheritance
`ApplicationCable::Connection` allows the application to apply authentication to all streams method, including those from `Turbo::Broadcastable`. By allowing `Turbo::StreamsChannel` to inherit from `ApplicationCable::Channel` we open up a symmetrical path for authorization. In the spirit of being secure by default we should be moving towards making `Turbo.base_stream_channel_class` default to `"ApplicationCable::Channel"` but doing so without warning would break applications relying on `ApplicationCable::Connection#authorized?` for non-turbo broadcastable streams only. Once we deem it safe we can remove the awkward initialiser and hard code `ApplicationCable::Channel` as the super class. If people needs different super classes for `Turbo::StreamsChannel` and custom channels they can simply add another super class to inherit from in their application. To-dos: - [ ] Generate the initializer on rails new - [ ] Add a commented out method in the rails new / channel generator to encourage authorization. - [ ] Decide on a roll out plan for making inheriting from `ApplicationCable::Channel` the default. - [ ] Add tests.
- Loading branch information
Showing
3 changed files
with
87 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters