TsgcWebSocketServer.SecurityOptions
Click here to see this page in full context

TsgcWebSocketServerProperties › SecurityOptions

SecurityOptions Property

Defines admission rules such as allowed origins for browser WebSocket handshakes.

Syntax

property SecurityOptions: TsgcWSSecurity_Options read FSecurityOptions write SetSecurityOptions;

Default Value

OriginsAllowed="" (all origins allowed)

Remarks

Use OriginsAllowed to lock down which origins the server accepts WebSocket handshakes from. By default all origins are allowed; any non-empty value enables a whitelist and the server closes connections whose Origin header does not match. Patterns accept wildcards for the port (for example http://127.0.0.1:5555 for a single origin or http://127.0.0.1:* to accept any port on that host). Separate multiple origins with commas. Setting OriginsAllowed to an empty string restores the permissive default.

Example


oServer := TsgcWebSocketServer.Create(nil);
oServer.SecurityOptions.OriginsAllowed := 'http://127.0.0.1:*';
oServer.Active := true;

Back to Properties