
Cross-Site WebSocket Hijacking in NodeJS

Play NodeJS Labs on this vulnerability with SecureFlag!

Socket.io

This library provides server options to define the list of allowed origins:

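const { createServer } = require("http");
const { Server } = require("socket.io");

const httpServer = createServer();
// cors.origin is the list of origins allowed to connect.
const io = new Server(httpServer, {
  cors: {
    origin: ["https://example.com"]
  }
});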
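
Browsers do not apply CORS to the WebSocket handshake itself, so for this vulnerability the server has to check the Origin header of the handshake. The following is an added example, not code from the original page or from the Socket.IO project: an exact-match Origin check written in the callback shape of Socket.IO's `allowRequest` server option. The helper names are hypothetical, the allowlist reuses the page's `https://example.com`, and the sample origins in the comments are constructed.

```javascript
// Added example: exact-match Origin allowlist (helper names are hypothetical).
const ALLOWED_ORIGINS = new Set(["https://example.com"]); // same value as cors.origin above

// Reduce an Origin header value to scheme://host[:port]; return null if unusable.
function normalizeOrigin(value) {
  // Sandboxed or opaque contexts send the literal string "null".
  if (typeof value !== "string" || value === "" || value === "null") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null; // not a parseable URL
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  // A genuine Origin header has no credentials, path, query or fragment.
  if (url.username || url.password || url.pathname !== "/" || url.search || url.hash) {
    return null;
  }
  return url.origin; // lowercased host, default port removed
}

// Exact Set lookup: no substring, prefix or suffix matching, so a look-alike
// such as "https://example.com.attacker.test" (constructed) is rejected.
// A missing Origin is denied. Browsers always send Origin on WebSocket
// handshakes, but same-origin polling GETs can omit it, so this strict form
// fits a WebSocket-only deployment.
function isAllowedOrigin(req, allowed = ALLOWED_ORIGINS) {
  const origin = normalizeOrigin(req.headers.origin);
  return origin !== null && allowed.has(origin);
}

// Callback in the shape of Socket.IO's allowRequest option: (req, callback).
function allowRequest(req, callback) {
  callback(null, isAllowedOrigin(req));
}

// Wiring (assumes socket.io is installed and httpServer exists):
//   const io = new Server(httpServer, {
//     transports: ["websocket"],
//     cors: { origin: [...ALLOWED_ORIGINS] },
//     allowRequest
//   });
```
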