phx_join is not passing through on_mount (router.ex) #3660

Closed
diegonogueira opened this issue Feb 4, 2025 · 3 comments

@diegonogueira

Environment

  • Elixir version (elixir -v): 1.16.2
  • Phoenix version (mix deps): 1.7.14
  • Phoenix LiveView version (mix deps): 0.20.17

Actual behavior

After loading a page, the socket sends a message with a "phx_join" event. If, using plain JavaScript (Inspect Element), I resend the "phx_join" while modifying the "url" to a non-existent route, the execution reaches my LiveView file without passing through my "on_mount" defined in the route.

As a consequence, I no longer have the initial assigns of the application (e.g., company, profile), causing an error due to missing keys in the assigns.

Is this expected behavior? Is there anything I can do to prevent these kinds of errors?

Note: I am receiving such errors from bots.

Expected behavior

Maybe if every "phx_join" event went through the routes (on_mount) again, this issue would be resolved.

@SteffenDE
Collaborator

Just to make sure, you're seeing bots sending fake phx_join messages over websocket with a non-existent URL parameter?

Can you post the exact errors you're seeing? To get to a LV mount, the bot would need to also send the correct session parameter, which seems very unlikely.

@diegonogueira
Author

Yes. The bot is connecting to the LiveView, then it changes the URL and sends a new push.

To simulate this, I did the following:

  1. Loaded the app.
  2. Using the browser's Inspect Element, I copied the phx_join socket message that was sent from my application.
  3. Formatted the message as {topic, event, payload, session, ref, join_ref}.
  4. Changed the URL to a non-existent route and ran the following command in the browser console:
     liveSocket.getSocket().push(message)

The error I keep receiving in my app is:

** (KeyError) key :current_company not found in: %{
  params: :not_mounted_at_router,
  __changed__: %{
    params: true,
    can_join: true,
    can_unjoin: true,
    can_publish: true,
    can_self_update_member: true
  },
  flash: %{},
  live_action: nil,
  can_join: false,
  can_unjoin: false,
  can_publish: false,
  can_self_update_member: false
}

@SteffenDE
Collaborator

This is fixed in LV 1.0 (09d798c).
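
Added example, not part of the thread and not the project's own code: on a release without that fix, a LiveView that is only ever served from the router can refuse a join that arrives without the router state instead of crashing on the missing assign. The module name, the `/` redirect target and the `name` field are assumptions; `:current_company` and `:not_mounted_at_router` are taken from the error dump above.

```elixir
defmodule MyAppWeb.CompanyLive do
  # Hypothetical LiveView; assumed to be reachable only through router.ex,
  # inside a live_session whose on_mount hook assigns :current_company.
  use Phoenix.LiveView

  @impl true
  # A join whose URL did not resolve to a route arrives with this atom in
  # place of the params map (see the error dump above). LiveViews rendered
  # with live_render/3 legitimately see it too, so only add this clause to
  # views that are never nested.
  def mount(:not_mounted_at_router, _session, socket) do
    {:ok, redirect(socket, to: "/")}
  end

  # Normal path: the router hook ran and the assign is present.
  def mount(_params, _session, %{assigns: %{current_company: company}} = socket) do
    {:ok, assign(socket, :company_name, company.name)}
  end

  # Any other mount that reached this module without the hook's assigns is
  # refused the same way instead of raising KeyError later.
  def mount(_params, _session, socket) do
    {:ok, redirect(socket, to: "/")}
  end

  @impl true
  def render(assigns) do
    ~H"""
    <h1><%= @company_name %></h1>
    """
  end
end
```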
