This repository has been archived by the owner on Feb 7, 2024. It is now read-only.
I'm working on beyondcode/laravel-websockets and using Pysher (python websocket https://github.com/deepbrook/Pysher) to connect to my laravel websocket server.
I've been looking for a solution to increase websocket security input/entry with something other than 'appKey' for several weeks.
Has anyone managed to implement anything other than this simple security with an easily accessible 'appKey'?
I thought about limiting entries by domain (websocket.php -> allowed_origins). But it doesn't suit me because my python connection will be outside the server's network.
I am currently working on the custom handler.
The only possibility I've imagined is to modify the onOpen function so that the user who instantiates a connection to the websocket provides me with a token.
I could ask to make an HTTP call on my API server with a bearer token, then send this token to the websocket connection onOpen, then check if the device opening the socket is an authorized user.
Am I off the mark? Or is the basic concept of the websocket to allow anyone to open a socket connection?
If someone gets the websocket url they can flood the server and instantiate as many connections as they want? It's still amazing
Thanks,
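
The token check the post describes, as an added example that is not part of the original issue and is not laravel-websockets or Pysher code: the API issues a short-lived HMAC-signed token after the bearer-authenticated HTTP call, and the open handler verifies it and caps concurrent sockets per identity. The secret, lifetime, cap and all function and class names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time
from collections import Counter

SECRET = b"constructed-demo-secret"  # assumption: known only to the API server and the handler
TOKEN_TTL = 60                       # seconds; assumed short lifetime to limit replay
MAX_OPEN_PER_USER = 3                # assumed cap on concurrent sockets per identity

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user_id, now=None):
    """API side: run only after the bearer-authenticated HTTP call succeeds."""
    exp = int(time.time() if now is None else now) + TOKEN_TTL
    payload = json.dumps({"sub": user_id, "exp": exp}).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)

def verify_token(token, now=None):
    """Handler side: return the user id, or None if forged, malformed or expired."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
        expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):  # constant-time comparison
            return None
        claims = json.loads(payload)  # parsed only after the signature checks out
        return str(claims["sub"]) if claims["exp"] >= now else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

class ConnectionGate:
    """Open-time decision: valid token and under the per-user connection cap."""
    def __init__(self):
        self.open_count = Counter()

    def on_open(self, token, now=None):
        user = verify_token(token, now)
        if user is None or self.open_count[user] >= MAX_OPEN_PER_USER:
            return None  # caller closes the socket
        self.open_count[user] += 1
        return user

    def on_close(self, user):
        if self.open_count[user] > 0:
            self.open_count[user] -= 1
```

The per-identity cap only bounds authenticated clients; connections that never present a valid token still reach the handler and have to be limited in front of it (reverse proxy or firewall).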