0
votes

I am little new to SSE - server sent events implementation.

What I am trying to do is: to maintain a security check before connecting to SSE urls.
For ex- I have an SSE url which the clients will connect to , through EventSource:

   new EventSource("http://my.example.com/deviceData");

So, not every client should be able to connect to it. I have to restrict it to some clients. How can I do that?

A code sample will be really helpful.

1
You secure it just like you would any other resource. That is the beauty of SSE. It is HTTP.baynezy

1 Answers

0
votes

If the restriction is by IP, your server-side script can look at the headers and reject based on that. (It could also reject based on any of the other headers, but most of them can be forged, e.g. user-agent.)

If you are after the using logging in, you should use cookies. The simplest way is to have a login form on my.example.com that validates the user, and sends back a cookie. That cookie will then be sent to your SSE script, which can use its contents to validate the user. (If using this approach, you may also want to use https URLs: make sure both the login form and the SSE script are both on https, in that case.)