Question
Since the Origin does not work in the case of non-browser clients: non-browser clients can connect to a WebSocket server with a fake origin. Non-browser clients thereby can do requests that a programmer wants through a program. How to stop this? I want that only my script hosted on my domain can connect to my WebSocket server. This page offers a “ticket”-based authentication system: https://devcenter.heroku.com/articles/websocket-security
However, it looks like it does not solve this problem because any non-browser client from anywhere can have a ticket also.
I want that only my script hosted on my domain can connect to my WebSocket server.
Please tell me how to solve this. Thanks.
Source: https://stackoverflow.com/questions/29792475/websocket-how-to-not-allow-cross-domain-access
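The two checks the question refers to, an Origin allow-list and a ticket issued to a logged-in user, written out as an added example that is not part of the original post or of the linked article. The function names, the allowed origin, the 30-second lifetime and the IP binding are assumptions, and the handshake attempts in `demo()` are constructed.

```javascript
// Added example: server-side checks applied to a WebSocket upgrade request.
const crypto = require("node:crypto");

const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // assumed site origin
const TICKET_TTL_MS = 30000; // assumed ticket lifetime
const tickets = new Map(); // ticket -> { userId, ip, expires }

// Called from an authenticated HTTP endpoint, so userId comes from the login session.
function issueTicket(userId, ip, now = Date.now()) {
  const ticket = crypto.randomBytes(32).toString("hex");
  tickets.set(ticket, { userId, ip, expires: now + TICKET_TTL_MS });
  return ticket;
}

// Decide whether to accept an upgrade. Returns { ok: true, userId } or { ok: false, reason }.
function checkUpgrade({ origin, ticket, ip }, now = Date.now()) {
  // A browser sets Origin itself, so this stops other sites from using a
  // visitor's browser. Any other client can send whatever value it likes.
  if (!ALLOWED_ORIGINS.has(origin)) return { ok: false, reason: "origin" };
  const entry = tickets.get(ticket);
  if (!entry) return { ok: false, reason: "unknown-ticket" };
  tickets.delete(ticket); // single use: a replayed ticket is unknown next time
  if (now > entry.expires) return { ok: false, reason: "expired" };
  if (entry.ip !== ip) return { ok: false, reason: "ip-mismatch" };
  return { ok: true, userId: entry.userId };
}

// Constructed handshake attempts, evaluated in order.
function demo() {
  const t0 = 1700000000000;
  const site = "https://app.example.com";
  const ip = "203.0.113.7";
  const good = issueTicket("alice", ip, t0);
  const results = [
    checkUpgrade({ origin: site, ticket: "guess", ip: "198.51.100.9" }, t0), // copied Origin, no ticket
    checkUpgrade({ origin: "https://other.example", ticket: good, ip }, t0), // wrong Origin
    checkUpgrade({ origin: site, ticket: good, ip }, t0), // valid
    checkUpgrade({ origin: site, ticket: good, ip }, t0), // replay of a used ticket
  ];
  const late = issueTicket("bob", ip, t0);
  results.push(checkUpgrade({ origin: site, ticket: late, ip }, t0 + TICKET_TTL_MS + 1));
  return results;
}
```

An accepted connection is tied to the account that requested the ticket, not to the program that opened the socket, so per-user rate limits and revocation apply to every client that account uses.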