
how to set socket.io origins to restrict connections to one url

We have one html site and one node.js server which serves that website. The website and the server exchange data using socket.io. We found this in the documentation:

origins defaults to *:* The origins that are allowed to connect to the Socket.IO server.

Our html site is on http://questionexample.com/page1. Only this site may connect to our server. (But everyone may connect to that website.) How do we have to set the origins?

Michael Moeller asked Apr 02 '13 18:04



2 Answers

If you dig into Socket.io source code, you will find such lines:

var origin = request.headers.origin || request.headers.referer
  , origins = this.get('origins');

...

var parts = url.parse(origin);
parts.port = parts.port || 80;
var ok =
  ~origins.indexOf(parts.hostname + ':' + parts.port) ||
  ~origins.indexOf(parts.hostname + ':*') ||
  ~origins.indexOf('*:' + parts.port);

As you can see, Socket.io takes the origin (or referer) that came from the client, retrieves the domain name and port, and compares them with the origins option you specified.

So the valid origins values are (* means "any"):

  • testsite.com:80
  • http://testsite.com:80
  • http://*:8080
  • *:8080
  • testsite.com:* http://someotherdomain.com:8080 (multiple origins separated by space)
  • testsite.com:*/somepath (socket.io will ignore /somepath)
  • *:*

And these are invalid (because no port number):

  • testsite.com
  • http://testsite.com
  • http://testsite.com/somepath

Also note that if you specify sub.testsite.com as the origins value, testsite.com will be a valid origin.

Oleg answered Sep 21 '22 20:09
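The substring matching described in the answer above, re-created as an added example next to a stricter exact-match check (this is not code from Socket.IO or from the answer). The function names, the allow lists and the sample values are assumptions constructed for illustration, and only the three comparisons quoted above are modelled.

```javascript
// Added example: all names are hypothetical, sample values are constructed.

// The three comparisons from the quoted excerpt: a substring search over the
// whole `origins` option string.
function legacyOriginAllowed(origins, originHeader) {
  let parts;
  try { parts = new URL(originHeader); } catch (e) { return false; }
  const port = parts.port || 80;               // same default as the excerpt
  return origins.indexOf(parts.hostname + ':' + port) !== -1 ||
         origins.indexOf(parts.hostname + ':*') !== -1 ||
         origins.indexOf('*:' + port) !== -1;
}

// Stricter alternative (an assumption, not Socket.IO code): exact comparison
// of the normalized scheme://host[:port] against an explicit allow list.
function strictOriginAllowed(allowList, originHeader) {
  const allowed = new Set(allowList.map((o) => new URL(o).origin));
  let parsed;
  try { parsed = new URL(originHeader); } catch (e) { return false; }
  return allowed.has(parsed.origin);
}

// Constructed cases: the `origins` option, an equivalent strict allow list,
// and the Origin/Referer header value a client sends.
const cases = [
  // Referer with a path: the path is ignored, host and port match.
  { origins: 'questionexample.com:80', allow: ['http://questionexample.com'],
    header: 'http://questionexample.com/page1' },
  // Substring match: the parent domain passes a rule written for a subdomain.
  { origins: 'sub.testsite.com:80', allow: ['http://sub.testsite.com'],
    header: 'http://testsite.com' },
  // No port in the option: the legacy check rejects even the intended site.
  { origins: 'http://testsite.com', allow: ['http://testsite.com'],
    header: 'http://testsite.com' },
  // Unrelated host and port: rejected by both checks.
  { origins: 'testsite.com:*', allow: ['http://testsite.com'],
    header: 'http://other.example:8080' },
];

function compare() {
  return cases.map((c) => ({
    origins: c.origins,
    header: c.header,
    legacy: legacyOriginAllowed(c.origins, c.header),
    strict: strictOriginAllowed(c.allow, c.header),
  }));
}
```

Either check only constrains browsers, because the Origin and Referer headers are supplied by the client; a non-browser client can send any value.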


I've had a similar problem. Try running node in production mode: NODE_ENV=production node app.js. I had this code (as recommended here):

io.configure('production', function(){
    console.log("Server in production mode");
    io.enable('browser client minification');  // send minified client
    io.enable('browser client etag'); // apply etag caching logic based on version number
    io.enable('browser client gzip'); // the file
    io.set('log level', 1);           // logging
    io.set('transports', [            // all transports (optional if you want flashsocket)
        'websocket'
        , 'flashsocket'
        , 'htmlfile'
        , 'xhr-polling'
        , 'jsonp-polling'
    ]);
    io.set('origins', 'http://questionexample.com/page1:*');
});

and Node ran in development mode, so it simply couldn't work. After enabling production mode, everything is OK.

I know that this is a somewhat late answer, but maybe someone else will use it.

Rob answered Sep 18 '22 20:09