graphql-java-kickstart / graphql-spring-boot

GraphQL and GraphiQL Spring Framework Boot Starters - Forked from oembedler/graphql-spring-boot due to inactivity.
https://www.graphql-java-kickstart.com/spring-boot/
MIT License

Support check origin for websocket to secure against cross-site attacks #941

Closed oliemansm closed 1 year ago

oliemansm commented 1 year ago

When a websocket connection is being established it should be able to check the origin header to secure against cross-site attacks. See also https://dev.solita.fi/2018/11/07/securing-websocket-endpoints.html.

Depends on https://github.com/graphql-java-kickstart/graphql-java-servlet/issues/516
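
One way to implement the origin check requested above, as an added example that is not code from this project or from graphql-java-servlet. The class name `OriginAllowlist`, its methods and the sample origins are hypothetical, and the allowlist is assumed to come from application configuration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

/** Hypothetical helper (not project code): exact-match Origin allowlist. */
public final class OriginAllowlist {
    private final Set<String> allowed = new HashSet<>();

    public OriginAllowlist(Set<String> configuredOrigins) {
        for (String configured : configuredOrigins) {
            String origin = normalize(configured);
            if (origin == null) throw new IllegalArgumentException("bad origin: " + configured);
            allowed.add(origin);
        }
    }

    /** True only if the handshake's Origin header is on the allowlist; absent or malformed values fail closed. */
    public boolean isAllowed(String originHeader) {
        String origin = normalize(originHeader);
        return origin != null && allowed.contains(origin);
    }

    /** Reduces a value to scheme://host:port, or null if it is not a bare http(s) origin. */
    static String normalize(String value) {
        if (value == null || value.isBlank()) return null;
        try {
            URI uri = new URI(value.trim());
            if (uri.getScheme() == null || uri.getHost() == null) return null; // covers the literal "null" origin
            // An origin has no userinfo, path, query or fragment.
            if (uri.getRawUserInfo() != null || uri.getRawQuery() != null || uri.getRawFragment() != null
                    || !uri.getRawPath().isEmpty()) return null;
            String scheme = uri.getScheme().toLowerCase(Locale.ROOT);
            int defaultPort = scheme.equals("https") ? 443 : scheme.equals("http") ? 80 : -1;
            if (defaultPort == -1) return null;
            int port = uri.getPort() == -1 ? defaultPort : uri.getPort();
            return scheme + "://" + uri.getHost().toLowerCase(Locale.ROOT) + ":" + port;
        } catch (URISyntaxException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        OriginAllowlist list = new OriginAllowlist(Set.of("https://app.example.com")); // constructed value
        String[] samples = {"https://app.example.com", "HTTPS://App.Example.com:443", // constructed samples
            "https://app.example.com.other.test", "http://app.example.com", "null", null};
        for (String s : samples) System.out.println(s + " -> " + list.isAllowed(s));
    }
}
```

In a JSR-356 endpoint, `isAllowed` could be called from an override of `ServerEndpointConfig.Configurator.checkOrigin(String)`, which the container invokes during the opening handshake; that wiring is an assumption here, not a description of how this project implemented the feature.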