is there any way to set "allowed_origins" for pusher service
Now anyone that know my "app_key" can connect to my socket server in pusher.com "app_key" is in socket request address in the browser console so its not secure !
Asked
Active
Viewed 200 times
1 Answers
1
That wouldn't make it more secure. It's probably why Pusher doesn't have a feature like that. A malicious actor could still easily send arbitrary header from any server and subscribe to a channel.
If you are concerned about who can subscribe to a channel (e.g., you are broadcasting sensitive messages), you must use private channels.
A.S
- 236
- 1
- 3
-
yes i useing private chanel but i see this option in laravel-websockets and not found in pusher docs , tnx – farshidpg Jan 14 '22 at 14:54