Play NodeJS Labs on this vulnerability with SecureFlag!
This library provides a method to define the list of allowed origins:
io.origins(['https://example.com:443']);
If this value isn’t set, any origin is allowed by default.