Locking down the HTTP referrer

Socket.IO is really good at getting around cross-domain issues when you create a request from a client in a different domain than the domain your server lives on. You can easily include the Socket.IO script from a different domain on your page. It will work just as you may expect it to.

There are some instances where you may not want your Socket.IO events to be available to every other domain. Not to worry! We can easily whitelist only the http referrers that we want so that some domains will be allowed to connect and other domains won't.

How to do it…

To lock down the HTTP referrer and only allow events to whitelisted domains, follow these steps:

Create two different servers that can connect to your Socket.IO instance. ...

Get Socket.IO Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Socket.IO Cookbook by Tyson Cadenhead

Locking down the HTTP referrer

How to do it…

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly