You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CHANGELOG.md
+1Lines changed: 1 addition & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,6 +11,7 @@ All notable user-visible changes to Hunk are documented in this file.
11
11
### Fixed
12
12
13
13
- Hardened the local session daemon against browser-originated requests by validating Host and Origin headers and requiring JSON content types for API posts.
14
+
- Disabled the generic broker HTTP API by default so Hunk's supported session API is the only app-daemon command surface.
Copy file name to clipboardExpand all lines: packages/session-broker-bun/README.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,7 +10,7 @@ Use this package when you want to serve a runtime-neutral `SessionBrokerDaemon`
10
10
- upgrades websocket requests on the daemon socket path
11
11
- forwards websocket messages and close events into the daemon
12
12
- exposes a `stopped` promise compatible with Hunk's daemon lifecycle
13
-
- lets callers override or add custom HTTP routes before the generic broker routes
13
+
- lets callers override or add custom HTTP routes before the daemon's built-in routes
14
14
15
15
## Usage
16
16
@@ -55,7 +55,7 @@ const server = serveSessionBrokerDaemon({
55
55
});
56
56
```
57
57
58
-
Return `undefined` to fall through to the generic broker routes.
58
+
Return `undefined` to fall through to the daemon's built-in routes. The raw `/broker` HTTP API is available only when the daemon was created with `exposeHttpApi: true`.
0 commit comments