Closed arunoda closed 12 years ago
Great question
BTW: I just figure it out origin header has no use at all http://learnitcorrect.com/blog/websocket-is-great-but-not-the-origin-policy.html
It does have an use, see the comment by @saurik. Of course anyone can create a new request with any Origin
whatsoever from their terminal, but the key is can the website the user is visiting do it ?
Yes. he is correct. So how about a API like this?
var options = {
allowOrigin: function(origin) {
return true;
}
};
var ws = require('websocket.io')
, server = ws.listen(3000, null, options);
server.on('connection', function (socket) {
socket.on('message', function () { });
socket.on('close', function () { });
});
Async maybe ?
And called originCheck
?
Sounds good to me. And this should be optional right?
var options = {
originCheck: function(origin, confirm) {
confirm(true);
}
};
var ws = require('websocket.io')
, server = ws.listen(3000, null, options);
server.on('connection', function (socket) {
socket.on('message', function () { });
socket.on('close', function () { });
});
Correct.
If falsy, accepts the origin. If function, supplies the origin and callback.
awesome.
I need to only to allow some domains for my websocket server. How to configure that with websocket.io?