I use socket.io to establish two-way communication between server and client.
Everything works fine, but it seems that if a random person copies all of my client codes (including establishing a connection) and creates a separate new web page, it seems that the users who are connected to this new page can still communicate with my server. Which, in my opinion, can be used in bad ways.
Anyway, can I check where the socket messages are coming from? 'where' means the domain that the user used to send the message to the server?
Is there a way to limit or control the list of domains for sending and receiving socket messages?
source share