I am using socket.io to establish two-way communication between the server and the client.
Everything works fine, but it seems that if a random person copies all my client-side code (including establishing the connection) and makes a separate new webpage, users who are connected to that new page can still communicate with my server, which I think can be used in bad ways.
Is there any way that I can check where the socket messages are coming from? By 'where' I mean the domain that the user has used to send the message to the server.
Is there a way to restrict or control the list of domains that can send and receive socket messages?
I am answering my own question.
According to the socket.io wiki, it is possible to specify 'origins' or clients' domain.
origins defaults to *:*
The origins that are allowed to connect to the Socket.IO server.
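An added example, not part of the original answer and not socket.io's own code: an allowlist check on the handshake's Origin header, written in the host:port pattern style of the `origins` setting quoted above. The names `ALLOWED`, `parseOrigin`, `originAllowed` and `checkRequest` and the example.com values are assumptions. Browsers set the Origin header, so this restricts which web pages can connect; a non-browser client can send any Origin value, so the check complements authentication rather than replacing it.

```javascript
// Added example: allowlist check for the Origin header, using the
// "host:port" pattern style of the `origins` setting ("*:*" = allow all).
// ALLOWED and all function names here are hypothetical.
const ALLOWED = ['example.com:443', 'app.example.com:*']; // constructed values

// Turn an Origin header value into { host, port }, or null if unusable.
function parseOrigin(origin) {
  if (typeof origin !== 'string' || origin === 'null') return null;
  let u;
  try { u = new URL(origin); } catch (e) { return null; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
  // URL drops default ports, so restore them for comparison.
  const port = u.port || (u.protocol === 'https:' ? '443' : '80');
  return { host: u.hostname.toLowerCase(), port };
}

// Exact match on host and port; "*" is a wildcard for a whole field only,
// so "example.com.evil.test" never matches "example.com".
function originAllowed(origin, patterns) {
  if (patterns.includes('*:*')) return true; // the permissive default
  const o = parseOrigin(origin);
  if (!o) return false; // missing, "null" or malformed Origin is refused
  return patterns.some((p) => {
    const i = p.lastIndexOf(':');
    const host = p.slice(0, i).toLowerCase();
    const port = p.slice(i + 1);
    return (host === '*' || host === o.host) &&
           (port === '*' || port === o.port);
  });
}

// Shape of a handshake hook: decide from the request headers and report
// the verdict through a Node-style callback(err, allowed).
function checkRequest(req, callback) {
  callback(null, originAllowed(req.headers.origin, ALLOWED));
}
```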