Closed copy closed 7 years ago
Currently the library doesn't check the value of the origin header. If it isn't checked, it's possible to connect to the websocket server from any host.
See http://www.gorillatoolkit.org/pkg/websocket#hdr-Origin_Considerations for a reasonably secure approach.
Currently the library doesn't check the value of the origin header. If it isn't checked, it's possible to connect to the websocket server from any host.
See http://www.gorillatoolkit.org/pkg/websocket#hdr-Origin_Considerations for a reasonably secure approach.