Protected socket.io connection with csrf-sync to prevent cross-site connections.

2024-12-29 23:06:11 -05:00 · 2024-12-29 23:06:11 -05:00 · 4a865e8aa8
commit 4a865e8aa8
parent 6c379321f7
3 changed files with 16 additions and 3 deletions
--- a/www/js/channel/channel.js
+++ b/www/js/channel/channel.js
@ -35,7 +35,12 @@ class channel{
    }

    connect(){
-        this.socket = io();
+        this.socket = io({
+            extraHeaders: {
+                //Include CSRF token
+                'x-csrf-token': utils.ajax.getCSRFToken()
+            }
+        });
    }

    defineListeners(){