6.5.4

This release contains some minor changes which should improve the memory usage of the server, notably this.

Links

• Diff: 6.5.3...6.5.4
• Client release: -
• ws version: ~8.11.0 (no change)

6.5.3

Bug Fixes

• improve compatibility with node16 module resolution (#689) (c6bf8c0)
• webtransport: properly handle abruptly closed connections (ff1c861)

Links

• Diff: 6.5.2...6.5.3
• Client release: -
• ws version: ~8.11.0 (no change)

6.5.2

Bug Fixes

• webtransport: add proper framing (a306db0)

Links

• Diff: 6.5.1...6.5.2
• Client release: -
• ws version: ~8.11.0 (no change)

6.5.1

Bug Fixes

• prevent crash when accessing TextDecoder (#684) (6dd2bc4)

Credits

Huge thanks to @iowaguy for helping!

Links

• Diff: 6.5.0...6.5.1
• Client release: -
• ws version: ~8.11.0 (no change)

6.5.0

Bug Fixes

• uws: discard any write to an aborted uWS response (#682) (3144d27)

Features

Support for WebTransport

The Engine.IO server can now use WebTransport as the underlying transport.

WebTransport is a web API that uses the HTTP/3 protocol as a bidirectional transport. It's intended for two-way communications between a web client and an HTTP/3 server.

References:

• https://w3c.github.io/webtransport/
• https://developer.mozilla.org/en-US/docs/Web/API/WebTransport
• https://developer.chrome.com/articles/webtransport/

Until WebTransport support lands in Node.js, you can use the @fails-components/webtransport package:

import { readFileSync } from "fs";
import { createServer } from "https";
import { Server } from "engine.io";
import { Http3Server } from "@fails-components/webtransport";

// WARNING: the total length of the validity period MUST NOT exceed two weeks (https://w3c.github.io/webtransport/#custom-certificate-requirements)
const cert = readFileSync("/path/to/my/cert.pem");
const key = readFileSync("/path/to/my/key.pem");

const httpsServer = createServer({
  key,
  cert
});

httpsServer.listen(3000);

const engine = new Server({
  transports: ["polling", "websocket", "webtransport"] // WebTransport is not enabled by default
});

engine.attach(httpsServer);

const h3Server = new Http3Server({
  port: 3000,
  host: "0.0.0.0",
  secret: "changeit",
  cert,
  privKey: key,
});

(async () => {
  const stream = await h3Server.sessionStream("/engine.io/");
  const sessionReader = stream.getReader();

  while (true) {
    const { done, value } = await sessionReader.read();
    if (done) {
      break;
    }
    engine.onWebTransportSession(value);
  }
})();

h3Server.startServer();

Added in 123b68c.

Credits

Huge thanks to @OxleyS for helping!

Links

• Diff: 6.4.2...6.5.0
• Client release: 6.5.0
• ws version: ~8.11.0 (no change)

6.4.2

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot read properties of undefined (reading 'handlesUpgrades')
  at Server.onWebSocket (build/server.js:515:67)

Please upgrade as soon as possible.

Bug Fixes

• include error handling for Express middlewares (#674) (9395782)
• prevent crash when provided with an invalid query param (fc480b4)
• typings: make clientsCount public (#675) (bd6d471)
• uws: prevent crash when using with middlewares (8b22162)

Credits

Huge thanks to @tyilo and @cieldeville for helping!

Links

• Diff: 6.4.1...6.4.2
• Client release: -
• ws version: ~8.11.0 (no change)

6.4.1

This release contains 6e78489, which exports the BaseServer class in order to restore the compatibility with the nodenext module resolution strategy of TypeScript.

Reference: https://www.typescriptlang.org/tsconfig/#moduleResolution

Related: socketio/socket.io#4621

Links

• Diff: 6.4.0...6.4.1
• Client release: -
• ws version: ~8.11.0 (no change)

6.4.0

Features

• add support for Express middlewares (24786e7)

This commit implements middlewares at the Engine.IO level, because Socket.IO middlewares are meant for namespace authorization and are not executed during a classic HTTP request/response cycle.

A workaround was possible by using the allowRequest option and the "headers" event, but this feels way cleaner and works with upgrade requests too.

Syntax:

engine.use((req, res, next) => {
  // do something

  next();
});

// with express-session
import session from "express-session";

engine.use(session({
  secret: "keyboard cat",
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}));

// with helmet
import helmet from "helmet";

engine.use(helmet());

Links

• Diff: 6.3.1...6.4.0
• Client release: 6.4.0
• ws version: ~8.11.0 (no change)

6.3.1

Links

• Diff: 6.3.0...6.3.1
• Client release: -
• ws version: ~8.11.0 (no change)

6.3.0

Bug Fixes

• fix the ES module wrapper (ed87609)
• wait for all packets to be sent before closing the WebSocket connection (a65a047)

Features

• add the "addTrailingSlash" option (#655) (d0fd474)

The trailing slash which was added by default can now be disabled:

import { Server } from "engine.io";

const server = new Server();

server.attach(httpServer, {
  addTrailingSlash: false
});

In the example above, the clients can omit the trailing slash and use /engine.io instead of /engine.io/.

Performance Improvements

• add the wsPreEncodedFrame option (5e34722)

This will be used when broadcasting packets at the Socket.IO level.

See also: socketio/socket.io-adapter@5f7b47d

Links

• Diff: 6.2.1...6.3.0
• Client release: 6.3.0
• ws version: ~8.11.0 (diff)