ros/autocoder
1
0
Fork 0
mirror of https://github.com/leonvanzyl/autocoder.git synced 2026-03-17 02:43:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: accept WebSocket before validation to prevent opaque 403 errors

Browse Source 
All WebSocket endpoints now call websocket.accept() before any
validation checks. Previously, closing the connection before accepting
caused Starlette to return an opaque HTTP 403 instead of a meaningful
error message.

Changes:
- Server: Accept WebSocket first, then send JSON error + close with
  4xxx code if validation fails (expand, spec, assistant, terminal,
  main project WS)
- Server: ConnectionManager.connect() no longer calls accept() to
  avoid double-accept
- UI: Gate expand button and keyboard shortcut on hasSpec
- UI: Skip WebSocket reconnection on application error codes (4000-4999)
- UI: Update keyboard shortcuts help text

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
nioasoft
2026-02-05 21:08:46 +02:00
parent 035e8fdfca
commit 70131f2271
2 changed files with 3 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/routers/terminal.py
View File

@@ -225,9 +225,7 @@ async def terminal_websocket(websocket: WebSocket, project_name: str, terminal_i
await websocket.accept()
# Validate project name
try:
project_name = validate_project_name(project_name)
except Exception:
if not validate_project_name(project_name):
await websocket.send_json({"type": "error", "message": "Invalid project name"})
await websocket.close(
code=TerminalCloseCode.INVALID_PROJECT_NAME, reason="Invalid project name"

7
server/websocket.py
View File

@@ -728,9 +728,7 @@ async def project_websocket(websocket: WebSocket, project_name: str):
# Always accept WebSocket first to avoid opaque 403 errors
await websocket.accept()
try:
project_name = validate_project_name(project_name)
except Exception:
if not validate_project_name(project_name):
await websocket.send_json({"type": "error", "content": "Invalid project name"})
await websocket.close(code=4000, reason="Invalid project name")
return
@@ -885,8 +883,7 @@ async def project_websocket(websocket: WebSocket, project_name: str):
break
except json.JSONDecodeError:
logger.warning(f"Invalid JSON from WebSocket: {data[:100] if data else 'empty'}")
except Exception as e:
logger.warning(f"WebSocket error: {e}")
except Exception:
break
finally: