Commit

Update check origin docs
josevalim authored Dec 20, 2023
1 parent 95f4910 commit 3020172
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions lib/phoenix/endpoint.ex
Expand Up @@ -837,8 +837,9 @@ defmodule Phoenix.Endpoint do
If `true`, the header is checked against `:host` in `YourAppWeb.Endpoint.config(:url)[:host]`.
If `false`, your app is vulnerable to Cross-Site WebSocket Hijacking (CSWSH)
attacks. Only use in development, when the host is truly unknown or when
If `false` and you do not validate the session in your socket, your app
is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) attacks.
Only use in development, when the host is truly unknown or when
serving clients that do not send the `origin` header, such as mobile apps.
You can also specify a list of explicitly allowed origins. Wildcards are
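Review bot: "you do not validate the session in your socket" in the new `If false` sentence is not actionable as written. The text does not say what kind of validation is meant or where it is configured, so a reader cannot tell whether their socket counts as protected against CSWSH. Suggest naming the mechanism or pointing to the option that performs it. The following sentence, "Only use in development, when the host is truly unknown or when serving clients that do not send the `origin` header", still reads as unconditional next to the new condition; state explicitly whether `false` is acceptable outside development when the session is validated.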
