Skip to content

Socket.IO security & HTTP Cookies for authentication #4

New issue
New issue
Open
Open
Socket.IO security & HTTP Cookies for authentication#4
Labels
bug
@hgdeoro

Description

@hgdeoro
hgdeoro
opened on Feb 28, 2014

https://github.com/LearnBoost/Socket.IO/wiki/Configuring-Socket.IO

Security Note: If your socket.io server uses HTTP Cookies for authentication,
the origins option should be restricted to only trusted hosts. Leaving the default
value can lead to third party sites performing authenticated cross-domain
requests to your socket.io endpoints and accessing unauthorized application data

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions