leave some notes about a minor race condition

4 years ago · eb32651c67
parent 541498aad5
commit eb32651c67
2 changed files with 5 additions and 2 deletions
--- a/lib/env.js
+++ b/lib/env.js
@ -89,6 +89,10 @@ module.exports.create = function (config) {
            }
        },

+/*  FIXME restrictRegistration is initialized as false and then overridden by admin decree
+    There is a narrow window in which someone could register before the server updates this value.
+    See also the cached 'restrictRegistration' value in server.js#serveConfig
+*/
        restrictRegistration: false,
        allowSubscriptions: config.allowSubscriptions === true,
        blockDailyCheck: config.blockDailyCheck === true,
--- a/server.js
+++ b/server.js
@ -105,7 +105,6 @@ var setHeaders = (function () {
    }
    if (Object.keys(headers).length) {
        return function (req, res) {
-
            // apply a bunch of cross-origin headers for XLSX export in FF and printing elsewhere
            applyHeaderMap(res, {
                "Cross-Origin-Opener-Policy": /^\/sheet\//.test(req.url)? 'same-origin': '',
@ -280,7 +279,7 @@ var serveConfig = makeRouteCache(function (host) {
            defaultStorageLimit: Env.defaultStorageLimit,
            maxUploadSize: Env.maxUploadSize,
            premiumUploadSize: Env.premiumUploadSize,
-            restrictRegistration: Env.restrictRegistration,
+            restrictRegistration: Env.restrictRegistration, // FIXME see the race condition in env.js
        }, null, '\t'),
        'obj.httpSafeOrigin = ' + (function () {
            if (config.httpSafeOrigin) { return '"' + config.httpSafeOrigin + '"'; }