1.6.1

Fixes * Update eventsource to 2.0.2 due to CVE-2022-1650. Fixes #590 * Update minimist to 1.2.6. Fixes #585

1.6.0

Fixes * Remove agent: false to allow usage of globalAgent. Fixes #421

dependencies * Update url-parse due to CVE-2022-0686, CVE-2022-0639, and CVE-2022-0512. Fixes #576 * Remove json3 dependency. Fixes #476 * Update eventsource to 1.1.0 * Update faye-websocket to 0.11.4 * Update debug to 3.2.7

devDependencies * Update follow-redirects (devDep) due to CVE-2022-0536 and CVE-2022-0155 * Update karma (devDep) due to CVE-2022-0437 * Update cached-path-relative (devDep) due to CVE-2021-23518 * Update fsevents (devDep) to fix: * ini CVE-2020-7788 * minimist CVE-2020-7598 * tar CVE-2021-37713, CVE-2021-37701, CVE-2021-32804, CVE-2021-32803 * Update copy-props (devDep) due to CVE-2020-28503 * Update eslint, mocha, gulp-replace, karma-browserify, gulp-sourcemaps, and browserify

Other Changes * Remove bower * Remove Travis CI * Require Node.js 12

1.5.2

• Update url-parse due to CVE-2021-3664.

1.5.1

• Update url-parse due to CVE-2021-27515.

1.5.0

• Update url-parse, kind-of, minimist, websocket-extensions due to security vulnerabilies.
• Update dev dependencies.
• Allow loopback address hostnames on a secure page. Fixes #486
• Enable eventsource transport for node.js clients.

1.4.0

• Add timeout option to set a minimum transport timeout. Fixes #403
• Update dev deps to fix security warnings from npm audit
• Guard against null this._transport in debug statement. Fixes #448

1.3.0

• Revert debug to ^3 because v4 starts using ES6. Fixes #457

1.2.0

• Update all outdated dependencies
• Switch to karma and browserstack for running automated browser tests

1.1.5

• Wrap the the contentWindow access in a try/catch block when in setTimeout #363
• Revised example in README #356
• Fix connection close when Transport timeout #358
• Fixed crash with react-native@0.45.1 on Android #386
• Update jsDelivr link #404, #405
• Remove Sauce Labs unsupported browsers
• Add link to rust server implementation #411
• location.protocol should include final : #396

1.1.4

• Upgrade debug and fix object key literal mangling, fixes regression in Opera 11.10 #359
• Trim descriptions in package.json and bower.json - #372

1.1.3

• Bad publish to NPM (removed)

1.1.2

• Ensure both sender and receiver are cleaned upon close - #342
• Remove event listeners before calling close - #344
• Update documentation links - #351, #339, #316
• Explicitly export undefined when WebSocket does not exist. Fixes Webpack. #321
• Include dist folder on npm - #265
• Simplify build setup
• Update to Node.js 6.9
• Add sourcemap for minified version
• Remove unused String.trim shim

1.1.1

• Do not pass protocols or options arguments to browser WebSocket constructor - #309

1.1.0

• Fix IE7/8 usage of console.log which does not have apply - #279
• Remove dbg global variable - #282
• Bump faye-websocket version to 0.11.0 - #267
• Optimize arguments usage - #263
• Add sourcemap file to dist folder - #237
• Add way to transparently pass transport-specific options - #272

1.0.3

• Use https module for xhr requests in node when url uses https - #254

1.0.2

• Fix iframe info receiver url
• Move iframe.contentWindow check inside setTimeout - #246

1.0.1

• Use proper base url for iframe-based info receiver - #249
• Don't register unload event in chrome packaged app - #223
• Allow custom session ids - #250
• Remove version property from bower.json - #247
• Update example CDN url - #244

1.0.0

• Simplify url handling by delegating to url-parse - #242
• Upgrade to url-parse 1.0.1 to fix colon issue if auth has no password

1.0.0-beta.13

• Transport timeout on connection should fallback - #238

1.0.0-beta.12

• Upgrade url-parse to 1.0.0 to fix #218 again

1.0.0-beta.10

• Upgrade url-parse to 0.2.3 to fix #222

1.0.0-beta.9

• Upgrade url-parse to 0.2.1 to fix 'too much recursion' errors

1.0.0-beta.8

• Upgrade url-parse to 0.2.0 to fix inheritance issues

1.0.0-beta.7

• Upgrade url-parse to 0.1.5 to fix #218
• Don't strip basic auth from url - #219

1.0.0-beta.6

• Upgrade url-parse to 0.1.3 to avoid CSP issues

1.0.0-beta.5

• Upgrade url-parse to 0.1.1 to fix #214

1.0.0-beta.4

• Upgrade url-parse to 0.1.0 and sockjs to 0.3.11
• Update .npmignore

1.0.0-beta.3

• Move debug from devDependencies to dependencies

1.0.0-beta.2

• Relax requirements when using same origin XHR - #80
• Upgrade to JSON3 from JSON2 - #123
• Package library with browserify supporting the UMD pattern - #184
• Move tests to JavaScript
• Add Gulp.js build script
• Fix getOrigin for file:/// urls and standard ports - #173
• Add onerror event handlers to Websockets - #169
• Increase RTO lower bound to prevent spurious timeouts on IE8/9 - #161
• Use window.crypto for random values when available - #128
• Fix handling of listeners added and removed mid-dispatch - #127
• Fix XHR Streaming for IE8 - #83
• Remove explicit AMD name - #107
• Check for an empty response from /info request - #143
• Add Content-Type to XHR requests to fix issue over HTTPS on Galaxy S4 - #164
• Fix iframe fallback when message is sent from a popup in IE7/8 - #166
• Add support for query strings on the url - #72
• Now works inside of Web Workers - #181
• Support EventSource / Server Sent Events outside of iframes - #201
• Rename protocols to transports - #65
• Allow transports which need the body to trigger on 'interactive' readyState - #175
• try/catch access to document.domain - #187
• Use window.location instead of document.location - #195
• Allow usage from node.js with same API

0.3.4

• Mentioned njoyce's fork of sockjs-gevent.

• 90 - Don't catch onbeforeunload event - it breaks javascript://

  links in IE.
• IE mangles 204 response code for 1223 on ajax, see: http://bugs.jquery.com/ticket/1450
• Make new optional for SockJS constructor (via substack).
• It is impossible to cancel JSONP polling request - compensate for that.
• Refactored EventEmitter prototype (used only internally)

• 66 - Failure to post data to /xhr_send should kill the session

0.3.2

• 77 - Getting /info on modern browsers when html is served from

   file:// urls was broken.
  

0.3.1

• 61 - Meteor guys found that we unintentionally catch "onopen" errors.

• 63 - Meteorjs guys found that xhr-streaming on Safari sometimes

  left busy cursor running.
• Increased allowed time for websocket transport (from 1 rtt to 2), this should make ws transport more reliable over SSL, at the cost of slightly longer connection time for users with blocked ws.

• 57 - previous fix didn't really work, sockjs-client still left

  a mess in browsers history when using iframe transports. This is fixed now.

• 60 - Opera 12 (next) claims to do AJAX2 / CORS, but can't

  do xhr-streaming.

• 58 - onunload test sometimes failed on Safari on windows

• Updated readme WRT websocket protocols
• Updated readme WRT deployments on heroku
• Add minimalistic license block to every source file.

0.3.0

• Temporarily disabled iframe tests - they are failing unpredictably.

• 57 - pointing an iframe to "about:blank" during cleanup caused

  Opera to messup history.

• 55 - Improved iframe abstraction (reduced a possible mem leak)

• Refactored AJAX abstractions, for better CORS handing - again.
• Add additional parent origin security check to an iframe.
• Urls with hashes or query strings can't be passed to SockJS.

• 18 - Mention workaround for Firefox ESC key issue

• 53 - AMD compliance

• sockjs/sockjs-protocol#28 - always use square brackets for websocket frames

• 51 - initial support for IE10 - try XHR before XDR

• 28 - handle onunload / onbeforeunload in a more robust fashion

• 49 - support SockJS-client being used from files served from

  file:// urls.

0.2.1

• "smoke-latency.html" test was unnecesairly sending too much data.
• Bumped core dependencies (coffee-script and uglify-js)
• Minor updates to the README, few cosmetic changes in the code.

0.2.0

• The API had changed - use protocols_whitelist option instead of passing an array of protocols as a second argument to SockJS constructor.
• Dropped 'chunking-test' functionality and replace it with 'info'.
• Rewritten protocol-choosing alogirthm, see "utils.detectProtocols" method.
• Use dynamic protocol timeouts based on RTT, not hardcoded 5 seconds

• 34 - Don't ever reuse session_id, especially when trying

  fallback protocols.
• The test server got moved from SockJS-client to SockJS-node.
• Don't test unicode surrogates - it can't work in some environments.
• XHR/XDR helpers were rewritten, ajax transports were simplified.
• Added a domain check in the iframe to improve security.
• SockJS will now trigger 1002 error if there is a problem during handshake instead of 2000 error.
• Smoke-throughput test is renamed to smoke-latency.

0.1.2

• 29 - Allow all unicode characters to be send over SockJS.

• 15 - SockJS should now work fine even if the connection is started

  in HEAD, before BODY is loaded.

• 28 - In rare circumstances WebSocket connection can be left intact

  after the page is unloaded in FireFox.
• Updated scripts to work with Node 0.6.
• Initial work to do better QUnit testing.
• Updated the minifying script (always escape unicode chars, remove trailing comment).
• Use string instead of array of chars (utils.js:random_number_string).

0.1.1

• 21 Get JsonP transport working on IE9 (Vladimir Dronnikov).

• 26 Emit heartbeat event.

• 27 Include license inline.

0.1.0

• SockJS-client can only send UTF-8 encodable strings. Previously we took advantage of rich data structures and automatically json-encoded them, but this got removed. Now, all data passed to send will be converted to string. This is also how native
• status property on EventClose is renamed to code as per Websocket API WebSockets behave.
• The test server was updated to new sockjs-node API
• Fixed problem with Jsonp-polling transport on IE9
• Repository was moved - updated links.

0.0.4

• All transports were refactored, some transports were introduced: htmlfile and separate xhr-streaming.
• Added logic to detect support for http chunking, and thus a possibility to rule out streaming transports before running them.
• Added 'cookie' option, useful for cookie-based load balancing (currently, it make a difference only for IE).
• Added hack to prevent EventSource from crashing Safari and Chrome.
• Loads and loads of other small and medium changes.

0.0.2

• Initial support for JSESSIONID based load balancing. Currently doesn't play nicely with IE XDomainRequest transport.

0.0.1

• Initial release.