TsgcWebSocketProxyServer › Properties › SecurityOptions
Defines admission rules such as allowed origins for browser WebSocket handshakes reaching the proxy.
property SecurityOptions: TsgcWSSecurity_Options read FSecurityOptions write SetSecurityOptions;OriginsAllowed="" (all origins allowed)
Use OriginsAllowed to lock down which origins the proxy accepts WebSocket handshakes from before any traffic is forwarded to the upstream server defined in Proxy. By default all origins are allowed; any non-empty value enables a whitelist and the proxy closes connections whose Origin header does not match. Patterns accept wildcards for the port (for example http://127.0.0.1:5555 for a single origin or http://127.0.0.1:* to accept any port on that host). Separate multiple origins with commas. Setting OriginsAllowed to an empty string restores the permissive default.
oProxy := TsgcWebSocketProxyServer.Create(nil);
oProxy.SecurityOptions.OriginsAllowed := 'http://127.0.0.1:*';
oProxy.Proxy.Host := 'upstream.example.com';
oProxy.Proxy.Port := 8080;
oProxy.Active := true;