Handling cross-origin requests
Gargron opened this issue · comments
Eugen Rochko commented
How would you go about restricting access to a whitelist of origins? Would you compare the origin header socket.request['origin']
on connection start, and close it if there's no match?
Martyn Loughran commented
Basically yes - I'd check handshake.origin
in the onopen
block and close the connection with an appropriate close code if the origin was not valid.