LearnBoost / websocket.io


How to filter clients with the origin? #44

Closed arunoda closed 12 years ago

arunoda commented 12 years ago

I need to allow only some domains for my websocket server. How do I configure that with websocket.io?

rauchg commented 12 years ago

Great question

arunoda commented 12 years ago

BTW: I just figured out that the origin header has no use at all: http://learnitcorrect.com/blog/websocket-is-great-but-not-the-origin-policy.html

rauchg commented 12 years ago

It does have a use, see the comment by @saurik. Of course anyone can create a new request with any Origin whatsoever from their terminal, but the key is: can the website the user is visiting do it?

arunoda commented 12 years ago

Yes, he is correct. So how about an API like this?


```javascript
var options = {
  allowOrigin: function(origin) {
     return true;
  }
};

var ws = require('websocket.io')
  , server = ws.listen(3000, null, options);

server.on('connection', function (socket) {
  socket.on('message', function () { });
  socket.on('close', function () { });
});
```

rauchg commented 12 years ago

Async maybe? And called originCheck?

arunoda commented 12 years ago

Sounds good to me. And this should be optional right?

```javascript
var options = {
  originCheck: function(origin, confirm) {
     confirm(true);
  }
};

var ws = require('websocket.io')
  , server = ws.listen(3000, null, options);

server.on('connection', function (socket) {
  socket.on('message', function () { });
  socket.on('close', function () { });
});
```

rauchg commented 12 years ago

Correct.

If falsy, accepts the origin. If function, supplies the origin and callback.

arunoda commented 12 years ago

awesome.
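
An added example, not part of the original thread and not websocket.io code: one way to write a handler with the `originCheck(origin, confirm)` signature proposed above so that it matches an allowlist exactly. The helper names, the `allowMissing` option and the sample origins are assumptions made for illustration; as noted in the thread, a non-browser client can send any Origin it likes, so this filters which websites can connect through a visitor's browser and does not authenticate clients.

```javascript
// Allowlist handler for the originCheck(origin, confirm) option proposed above.
// normalizeOrigin, makeOriginCheck and decide are hypothetical helper names.

// Reduce an Origin header value to canonical "scheme://host[:port]",
// or return null when it is not a plain http(s) origin.
function normalizeOrigin(value) {
  if (typeof value !== 'string' || value === '' || value === 'null') return null;
  let url;
  try {
    url = new URL(value);
  } catch (err) {
    return null;
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  // A serialized origin carries no credentials, path, query or fragment.
  if (url.username || url.password || url.search || url.hash) return null;
  if (url.pathname !== '/') return null;
  // url.origin lowercases the host and drops default ports (80 / 443).
  return url.origin;
}

function makeOriginCheck(allowedOrigins, opts) {
  const allowMissing = Boolean(opts && opts.allowMissing);
  const allowed = new Set();
  for (const entry of allowedOrigins) {
    const norm = normalizeOrigin(entry);
    if (norm === null) throw new Error('invalid allowlist entry: ' + entry);
    allowed.add(norm);
  }
  return function originCheck(origin, confirm) {
    // Non-browser clients may send no Origin; admitting them is a policy choice.
    if (origin === undefined || origin === null || origin === '') {
      return confirm(allowMissing);
    }
    // Exact match on the canonical origin: no substring or suffix tests.
    const norm = normalizeOrigin(origin);
    confirm(norm !== null && allowed.has(norm));
  };
}

// Constructed sample allowlist, for illustration only.
const check = makeOriginCheck(['https://app.example.com', 'http://localhost:3000']);

// Run the callback-style check and return its verdict (the check above is synchronous).
function decide(origin) {
  let verdict;
  check(origin, function (ok) { verdict = ok; });
  return verdict;
}
```

Because the verdict is delivered through `confirm`, the same signature also fits a check that answers later, such as a database lookup.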