Link Search Menu Expand Document
×
Topics

Cross-Site WebSocket Hijacking in NodeJS

Play SecureFlag Play NodeJS Labs on this vulnerability with SecureFlag!

Socket.io

This library provides a method to define the list of allowed origins:

io.origins(['https://www.example.com:443']);

If this value isn’t set, any origin is allowed by default.