Is it possible to use Socket.IO in a cross domain manner? If so, how? The possibility is mentioned around the web but no code examples are given anywhere.
Note: You can use either https or wss (respectively, http or ws).
Once you reboot your machine, you will now be able to happily go to 55k concurrent connections (per incoming IP).
WebSocket doesn't come with CORS inbuilt. That being said, it means that any website can connect to any other website's websocket connection and communicate without any restriction! I'm not going into reasons why this is the way it is, but a quick fix to this is to verify the Origin header on the websocket handshake.
WebSockets can make cross-origin requests that are not restricted by browser-based protection mechanisms such as the Same Origin Policy (SOP) or Cross-Origin Resource Sharing (CORS). Without explicit origin validation, this makes CSRF attacks more powerful.
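The Origin check on the WebSocket handshake described above, as an added example that is not part of the original answers. The allowlist entries, the `example.com` hosts and the function names are assumptions made for illustration; the check is written against the plain Node `upgrade` event so it does not depend on any one WebSocket library.

```javascript
// Exact origins that may open a WebSocket (constructed values, adjust per deployment).
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Reduce an Origin header to scheme://host[:port].
// Returns null for anything that is not a single, well-formed http(s) origin.
function normalizeOrigin(header) {
  if (typeof header !== 'string' || header === 'null') return null;
  let url;
  try {
    url = new URL(header);
  } catch {
    return null; // not parseable as a URL at all
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  // A real Origin carries no credentials, path, query or fragment.
  if (url.username || url.password || url.pathname !== '/' || url.search || url.hash) {
    return null;
  }
  return url.origin; // host lowercased, default port dropped
}

// Exact-match comparison: no substring, prefix or suffix tests, which is
// what lets look-alikes such as app.example.com.evil.test through.
function isAllowedOrigin(header) {
  const origin = normalizeOrigin(header);
  return origin !== null && ALLOWED_ORIGINS.has(origin);
}

// Call from the HTTP server's 'upgrade' event before handing the socket to
// the WebSocket library. A missing Origin is rejected too (strict policy).
function rejectUnlessAllowed(req, socket) {
  if (isAllowedOrigin(req.headers.origin)) return true;
  socket.write('HTTP/1.1 403 Forbidden\r\nConnection: close\r\nContent-Length: 0\r\n\r\n');
  socket.destroy();
  return false;
}

// Wiring (httpServer is an assumed http.Server instance):
// httpServer.on('upgrade', (req, socket, head) => {
//   if (!rejectUnlessAllowed(req, socket)) return;
//   /* pass req, socket, head to the WebSocket library here */
// });
```

Only browsers are bound to send a truthful Origin, so this check stops cross-site pages from riding a user's session; it does not replace authenticating the connection itself.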
Quoting the socket.io FAQ:
Does Socket.IO support cross-domain connections?
Absolutely, on every browser!
As to how it does it: Native WebSockets are cross-domain by design, socket.io serves a flash policy file for cross-domain flash communication, XHR2 can use CORS, and finally you can always use JSONP.