CODEWITHSUNDEEP
node.jssocket.io
AnuragD
AnuragD

Reputation: 327

How can i prevent cross-domain connections and allow access from my domain only?

I am new to Node.JS , and this question might be a bit trivial . I am using something like this on the client side :-

 var sock = io.connect('http://www.mydomain.com:3000');
          sock.on('connect', function () {
                console.log("Connected successfully");
                sock.emit("_rK",{});
          });

My question is : How do i prevent cross domain connections ? Or simply , how do i prevent users from connecting to the web socket without using the website ?

According to this : Cross-domain connection in Socket.IO , cross domain connections are allowed in socket.io .

Upvotes: 2

Views: 2349

Answers (3)

user5046034
user5046034

Reputation:

Easy and security!

In the main file place it before io.on('connection'), add the lines:

io.set('origins', 'yoursite.com:*');

io.on('connection', function (socket) {

Upvotes: 0

Oleg
Oleg

Reputation: 23297

You may find origins option useful (wiki page):

server.js:

io.set('origins', 'www.mydomain.com:3000');

You can find more information about origins format here.

Upvotes: 2

Akshat Jiwan Sharma
Akshat Jiwan Sharma

Reputation: 16020

You could check for the originating url at the time of socket connection on the server. But that is not much safe and can easily be spoofed.

A technique that I use to verify web sockets is to send a token to the client and append it to the url of the socket server like this

ws://mysocket.server/token or ws://mysocket.server?token="somerandomtoken"

and then verify this token at the time of socket connection once. If the token can not be verified the server simply refuses the socket connection.

Upvotes: 0

Related Questions