Locking down the HTTP referrer
Socket.IO is really good at getting around cross-domain issues when you create a request from a client in a different domain than the domain your server lives on. You can easily include the Socket.IO script from a different domain on your page. It will work just as you may expect it to.
There are some instances where you may not want your Socket.IO events to be available to every other domain. Not to worry! We can easily whitelist only the HTTP referrers that we want, so that some domains will be allowed to connect and other domains won't.
How to do it…
To lock down the HTTP referrer and only allow events to whitelisted domains, follow these steps:
Create two different servers that can connect to your Socket.IO instance. We will let one server listen on port 5000, and let the second server listen on port 5001:
var express = require('express'),
    app = express(),
    http = require('http'),
    socketIO = require('socket.io'),
    server, server2, io...
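One way to implement the referrer allow-list described above, as an added example rather than the book's own code: it parses the Referer header (falling back to Origin) and compares the exact origin. The localhost host name, the choice to allow only port 5000, and the function names are assumptions.

```javascript
// Added example, not the book's code. The page names ports 5000 and 5001; the
// localhost host name and allowing only port 5000 are assumptions.
const ALLOWED_ORIGINS = new Set(['http://localhost:5000']);

// Reduce a Referer or Origin header to scheme://host[:port]; null if unusable.
function originOf(headerValue) {
  try {
    const url = new URL(headerValue); // throws on missing or malformed values
    if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
    return url.origin;
  } catch (err) {
    return null;
  }
}

// Exact match on the parsed origin, using Origin when Referer is unusable.
// A prefix test on the raw string would also accept http://localhost:50001/.
function isAllowedReferrer(headers, allowed = ALLOWED_ORIGINS) {
  const origin = originOf(headers.referer) || originOf(headers.origin);
  return origin !== null && allowed.has(origin);
}

// Middleware in the (socket, next) shape taken by Socket.IO's io.use();
// register it with io.use(referrerGuard()) on the server's io instance.
function referrerGuard(allowed = ALLOWED_ORIGINS) {
  return function (socket, next) {
    if (isAllowedReferrer(socket.request.headers, allowed)) return next();
    return next(new Error('referrer not allowed'));
  };
}

// Constructed handshakes: plain objects standing in for Socket.IO sockets.
function demo() {
  const guard = referrerGuard();
  const referers = [
    'http://localhost:5000/index.html', // allow-listed page
    'http://localhost:5001/index.html', // second server, not allow-listed
    'http://localhost:50001/',          // shares a string prefix only
    undefined,                          // header missing
  ];
  return referers.map((referer) => {
    let verdict = 'no decision';
    guard({ request: { headers: { referer } } }, (err) => {
      verdict = err ? 'rejected' : 'accepted';
    });
    return verdict;
  });
}

console.log(demo());
```

The Referer and Origin headers are supplied by the client, so this check limits which browser pages can connect. A non-browser client can send any value, so it does not replace authentication.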