TsgcWebSocketFirewallMethods › IsOriginAllowed

IsOriginAllowed Method

Checks a WebSocket Origin header against WebSocketProtection.AllowedOrigins (with wildcard support) and returns whether it is accepted.

Syntax

function IsOriginAllowed(const aOrigin: string): Boolean;

Parameters

Name      Type           Description
aOrigin   const string   Value of the HTTP Origin header sent by the client during the WebSocket handshake (e.g. "https://app.example.com").

Return Value

True if the origin is allowed, WebSocketProtection is disabled, or AllowedOrigins is empty; False when the list is populated and the origin does not match any entry. (Boolean)

Remarks

AllowedOrigins entries may include the "*" wildcard, so "https://*.example.com" matches any subdomain. IsOriginAllowed is one of the three granular WebSocketProtection helpers and is invoked automatically by the server integration at handshake time; call it directly only when implementing a custom handshake pipeline.

Example

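// Turn on WebSocket protection and allow any HTTPS subdomain of example.com.
sgcWebSocketFirewall1.WebSocketProtection.Enabled := True;
sgcWebSocketFirewall1.WebSocketProtection.AllowedOrigins.Add('https://*.example.com');

// Accept the handshake when the client's Origin header matches an allowed entry.
if sgcWebSocketFirewall1.IsOriginAllowed(Connection.Origin) then
  Accept := True;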
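
Because IsOriginAllowed returns True when WebSocketProtection is disabled or AllowedOrigins is empty, a custom handshake pipeline that must fail closed can check those conditions first. The wrapper below is an added example, not code from the component's documentation; the name IsOriginStrictlyAllowed is hypothetical, and it assumes the component class is TsgcWebSocketFirewall and that AllowedOrigins is a TStrings-style list exposing Count. Rejecting an empty Origin is a policy choice made here, not documented behaviour.

```delphi
// Added example: fail-closed origin check for a custom handshake pipeline.
// Requires SysUtils (for Trim) and the sgcWebSockets unit that declares
// the firewall component in the uses clause.
// Assumption: the component class is named TsgcWebSocketFirewall.
function IsOriginStrictlyAllowed(aFirewall: TsgcWebSocketFirewall;
  const aOrigin: string): Boolean;
begin
  Result := False;

  // IsOriginAllowed returns True when WebSocketProtection is disabled,
  // so treat a disabled check as a refusal rather than a pass.
  if not aFirewall.WebSocketProtection.Enabled then
    Exit;

  // An empty AllowedOrigins list also makes IsOriginAllowed return True.
  // Assumption: AllowedOrigins exposes Count like a TStrings list.
  if aFirewall.WebSocketProtection.AllowedOrigins.Count = 0 then
    Exit;

  // Non-browser clients may omit the Origin header entirely; refuse the
  // handshake instead of passing an empty string to the matcher.
  if Trim(aOrigin) = '' then
    Exit;

  // Protection is on and the list is populated: the result now reflects
  // an actual match against AllowedOrigins (wildcards included).
  Result := aFirewall.IsOriginAllowed(aOrigin);
end;
```

With this wrapper a misconfigured firewall (protection off, or no origins listed) refuses every handshake instead of accepting every one.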
