Ad

Pusher Service Has Allowed_origins?

- 1 answer

is there any way to set "allowed_origins" for pusher service

https://pusher.com

Now anyone that know my "app_key" can connect to my socket server in pusher.com "app_key" is in socket request address in the browser console so its not secure !

Ad

Answer

That wouldn't make it more secure. It's probably why Pusher doesn't have a feature like that. A malicious actor could still easily send arbitrary header from any server and subscribe to a channel.

If you are concerned about who can subscribe to a channel (e.g., you are broadcasting sensitive messages), you must use private channels.

Ad
source: stackoverflow.com
Ad