walkor / phpsocket.io

A server side alternative implementation of socket.io in PHP based on workerman.

CORS issue #264

Open lotuspolarbear opened 3 years ago

lotuspolarbear commented 3 years ago

Hi, I'd like to set only trusted origins to the socket server so it won't be exposed to any origins.

I used $io->origins to allow requests from my domain, but it is still being exposed to any domain. Here's my code.

$io = new SocketIO(2020, $context);
$io->origins('https://mydomain.com:*');
$io->on('workerStart', function () use ($io) {
    $io->adapter('\PHPSocketIO\ChannelAdapter');
});

Are there any ways to fix the CORS issue with/without using $io->origins ?

Thank you!

walkor commented 3 years ago

It works fine for me.

$sender_io = new SocketIO(2120);
$sender_io->origins('http://127.0.0.1:*');

[image]

When I changed $sender_io->origins('http://127.0.0.1:*'); to $sender_io->origins('http://128.0.0.1:*');

[image]

lotuspolarbear commented 3 years ago

Hi, thanks for your response.

Yeah, it returns 403 on my end as well but the response has Access-Control-Allow-Origin value.

Here's what I got. Screenshot_21

The vulnerability scan result still says socket.io is exposed to any origin.

Screenshot_22 Screenshot_23

I don't want the Access-Control-Allow-Credentials and Access-Control-Allow-Origin to come back as a response.

Any ideas?

Thank you!
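
Added example (not part of the thread and not phpsocket.io code): a Python check that classifies a response's CORS headers for a given request Origin, separating the refused-but-reflected 403 described above from a response that actually grants an untrusted origin access. The sample responses, their header values and the reading of `:*` as "any port" are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin_trusted(origin, patterns):
    """Exact scheme and host match; a trailing ':*' in a pattern accepts any port
    (assumed reading of the 'https://mydomain.com:*' form used in the thread)."""
    o = urlsplit(origin)
    o_port = o.port or DEFAULT_PORTS.get(o.scheme)
    for pattern in patterns:
        any_port = pattern.endswith(":*")
        p = urlsplit(pattern[:-2] if any_port else pattern)
        if o.hostname is None or (o.scheme, o.hostname) != (p.scheme, p.hostname):
            continue
        if any_port or o_port == (p.port or DEFAULT_PORTS.get(p.scheme)):
            return True
    return False

def cors_finding(request_origin, status, headers, patterns):
    """Classify one response to a request sent with `request_origin`.
    Returns (finding, credentialed)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    if acao not in ("*", request_origin):
        return ("no-cors-grant", False)  # browser will not let the page read it
    # Browsers reject a wildcard grant on credentialed requests.
    creds = acao != "*" and h.get("access-control-allow-credentials", "").lower() == "true"
    if origin_trusted(request_origin, patterns):
        return ("trusted-origin-allowed", creds)
    if status >= 400:
        # Handshake refused, but the refusal itself is readable cross-origin.
        return ("untrusted-origin-reflected-on-refusal", creds)
    return ("untrusted-origin-readable", creds)

def reflect(origin):
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}

TRUSTED = ["https://mydomain.com:*"]
# Constructed samples: (Origin sent, status, response headers).
SAMPLES = [
    ("https://mydomain.com", 200, reflect("https://mydomain.com")),
    ("https://untrusted.example", 403, reflect("https://untrusted.example")),
    ("https://untrusted.example", 403, {}),
    ("https://untrusted.example", 200, reflect("https://untrusted.example")),
]

def run_samples():
    return [cors_finding(o, s, h, TRUSTED) for o, s, h in SAMPLES]
```

The second sample is the case reported in this comment: the connection is refused, yet the headers still name the untrusted origin, which is the pattern a scanner keys on. The third sample is the response shape the comment asks for.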

lotuspolarbear commented 3 years ago

Instead of the 403 Forbidden error, is it possible to send a 404 Page Not Found error?

walkor commented 3 years ago

Sending a 404 page error is not supported.


lotuspolarbear commented 3 years ago

I think it's possible if I modify the sendErrorMessage() function in /src/Engine/Engine.php?

walkor commented 3 years ago

Yes

lotuspolarbear commented 3 years ago

Thank you!