Reputation: 4959
So, the question is: Is there a way to be sure that the client who is trying to connect to my websocket server is doing this from the webpage that I provide, and not from any other page or script?
Upvotes: 1
Views: 792
Reputation: 67039
A malicious user/program can connect to this websocket and there is nothing you can do about it (period, end of story). However, the same-origin policy for WebSockets should be very similar to that of XHR. JavaScript on another domain cannot access a WebSocket on your domain unless you explicitly allow it. So this means if someone were to redistribute your content, they would have to use a cross-domain proxy.
Upvotes: 2
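An added example, not part of either post: browsers send an `Origin` header on the WebSocket handshake, and a server can compare it against an allowlist before accepting the upgrade. `ALLOWED_ORIGINS`, `normalizeOrigin`, `checkUpgrade` and the sample headers are constructed for this illustration.

```javascript
// Added example. ALLOWED_ORIGINS and all sample values are constructed.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// Reduce an Origin header value to scheme://host[:port]; null if unusable.
function normalizeOrigin(value) {
  if (typeof value !== 'string' || value === 'null') return null;
  try {
    const u = new URL(value);
    // A real Origin value has no credentials, path, query or fragment.
    if (u.username || u.password || u.pathname !== '/' || u.search || u.hash) {
      return null;
    }
    return u.origin; // host lowercased, default port dropped
  } catch (err) {
    return null; // not a parseable URL
  }
}

// Decide on a handshake from its request headers (lowercase keys, as Node's
// http module presents them). Returns the HTTP status to answer with.
function checkUpgrade(headers) {
  if (String(headers.upgrade || '').toLowerCase() !== 'websocket') {
    return { accept: false, status: 400, reason: 'not a websocket upgrade' };
  }
  if (headers.origin === undefined) {
    // Policy choice in this example: browsers send Origin on the handshake,
    // so a request without one is treated as a non-browser client.
    return { accept: false, status: 403, reason: 'missing origin' };
  }
  const origin = normalizeOrigin(headers.origin);
  if (origin === null || !ALLOWED_ORIGINS.has(origin)) {
    return { accept: false, status: 403, reason: 'origin not allowed' };
  }
  // This only proves the client *sent* an allowed Origin. A script outside a
  // browser can send any header, so authenticate the user as well.
  return { accept: true, status: 101, reason: 'origin allowed' };
}

// Constructed handshake headers, one per case.
const samples = [
  { upgrade: 'websocket', origin: 'https://app.example.com' },
  { upgrade: 'websocket', origin: 'https://APP.example.com:443' },
  { upgrade: 'websocket', origin: 'https://app.example.com.other.example' },
  { upgrade: 'websocket', origin: 'null' },
  { upgrade: 'websocket' },
];
for (const h of samples) console.log(h.origin, '->', checkUpgrade(h).reason);
```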