Is it possible to remove sid from socket.io client get request to server?How do I remove a property from a JavaScript object?Remove empty elements from an array in JavascriptHow to get the value from the GET parameters?Get selected text from a drop-down list (select box) using jQueryHow do I remove a key from a JavaScript object?How do I remove a particular element from an array in JavaScript?Remove duplicate values from JS arraySocket.io client with non-socket.io server404 not found when using socket.io-client with reactSocket.io client cant connect to server
How do I generate distribution of positive numbers only with min, max and mean?
Character is called by their first initial. How do I write it?
"I you already know": is this proper English?
How can I receive packages while in France?
How important is a good quality camera for good photography?
Weed in Massachusetts: underground roots, skunky smell when bruised
Convert every file from JPEG to GIF in terminal
TSA asking to see cell phone
What do I do when a student working in my lab "ghosts" me?
How to avoid unconsciously copying the style of my favorite writer?
Why isn't there a serious attempt at creating a third mass-appeal party in the US?
How can I create a pattern of parallel lines that are increasing in distance in Photoshop / Illustrator?
Is it legal for private citizens to "impound" e-scooters?
What is the effect and/or good reasons of changing a paper bill to a coin?
What does "see" in "the Holy See" mean?
Trying to build a function to compute divided difference for arbitrary list of points
Is my employer paying me fairly? Going from 1099 to W2
What is "I bet" in German?
Why didn't Britain or any other European power colonise Abyssinia/Ethiopia before 1936?
What does コテッと mean?
Is this photo showing a woman posing in the nude before teenagers real?
Terence Tao–type books in other fields?
Does academia have a lazy work culture?
High income, sudden windfall
Is it possible to remove sid from socket.io client get request to server?
How do I remove a property from a JavaScript object?Remove empty elements from an array in JavascriptHow to get the value from the GET parameters?Get selected text from a drop-down list (select box) using jQueryHow do I remove a key from a JavaScript object?How do I remove a particular element from an array in JavaScript?Remove duplicate values from JS arraySocket.io client with non-socket.io server404 not found when using socket.io-client with reactSocket.io client cant connect to server
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I'm fairly new to socket.io but I have been trying to figure out a way to remove the sid from the GET requests that the socket.io client sends to the server.
Example:
http://localhost:3333/socket.io/?EIO=3&transport=polling&t=Mcx24JE&sid=pC6VHpJeXalrePERAAAB
I was hoping that the client's connect() call might except some parameters that would allow for one to hide the sid by issuing a POST instead of a GET but so far I haven't had much luck.
Thanks for taking a look.
javascript node.js socket.io
asked Mar 26 at 17:30
wolfPackwolfPack
181 silver badge7 bronze badges
add a comment |
I'm fairly new to socket.io but I have been trying to figure out a way to remove the sid from the GET requests that the socket.io client sends to the server.
Example:
http://localhost:3333/socket.io/?EIO=3&transport=polling&t=Mcx24JE&sid=pC6VHpJeXalrePERAAAB
I was hoping that the client's connect() call might except some parameters that would allow for one to hide the sid by issuing a POST instead of a GET but so far I haven't had much luck.
Thanks for taking a look.
javascript node.js socket.io
asked Mar 26 at 17:30
wolfPackwolfPack
181 silver badge7 bronze badges
Why do you want to hide it? If you fear that a man in the middle could use it, use HTTPS.
– Jonas Wilms
Mar 26 at 17:32
In production we do have it going over HTTPS. However our security team has still flagged it and are requiring that it be removed from the URL entirely despite HTTPS.
– wolfPack
Mar 26 at 18:02
Why though? ... That doesnt make anything more secure (or I am missing something)
– Jonas Wilms
Mar 26 at 18:09
This was the reason they cited to me:The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.
– wolfPack
Mar 26 at 18:18
Aah ... they do have a point there, haven't thought of that.
– Jonas Wilms
Mar 26 at 18:19
add a comment |
I'm fairly new to socket.io but I have been trying to figure out a way to remove the sid from the GET requests that the socket.io client sends to the server.
Example:
http://localhost:3333/socket.io/?EIO=3&transport=polling&t=Mcx24JE&sid=pC6VHpJeXalrePERAAAB
I was hoping that the client's connect() call might except some parameters that would allow for one to hide the sid by issuing a POST instead of a GET but so far I haven't had much luck.
Thanks for taking a look.
javascript node.js socket.io
asked Mar 26 at 17:30
wolfPackwolfPack
181 silver badge7 bronze badges
I'm fairly new to socket.io but I have been trying to figure out a way to remove the sid from the GET requests that the socket.io client sends to the server.
Example:
http://localhost:3333/socket.io/?EIO=3&transport=polling&t=Mcx24JE&sid=pC6VHpJeXalrePERAAAB
I was hoping that the client's connect() call might except some parameters that would allow for one to hide the sid by issuing a POST instead of a GET but so far I haven't had much luck.
Thanks for taking a look.
javascript node.js socket.io
javascript node.js socket.io
asked Mar 26 at 17:30
wolfPackwolfPack
181 silver badge7 bronze badges
asked Mar 26 at 17:30
wolfPackwolfPack
181 silver badge7 bronze badges
asked Mar 26 at 17:30
wolfPackwolfPack
181 silver badge7 bronze badges
asked Mar 26 at 17:30
wolfPackwolfPack
181 silver badge7 bronze badges
asked Mar 26 at 17:30
wolfPackwolfPack
181 silver badge7 bronze badges
181 silver badge7 bronze badges
Why do you want to hide it? If you fear that a man in the middle could use it, use HTTPS.
– Jonas Wilms
Mar 26 at 17:32
In production we do have it going over HTTPS. However our security team has still flagged it and are requiring that it be removed from the URL entirely despite HTTPS.
– wolfPack
Mar 26 at 18:02
Why though? ... That doesnt make anything more secure (or I am missing something)
– Jonas Wilms
Mar 26 at 18:09
This was the reason they cited to me:The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.
– wolfPack
Mar 26 at 18:18
Aah ... they do have a point there, haven't thought of that.
– Jonas Wilms
Mar 26 at 18:19
add a comment |
Why do you want to hide it? If you fear that a man in the middle could use it, use HTTPS.
– Jonas Wilms
Mar 26 at 17:32
In production we do have it going over HTTPS. However our security team has still flagged it and are requiring that it be removed from the URL entirely despite HTTPS.
– wolfPack
Mar 26 at 18:02
Why though? ... That doesnt make anything more secure (or I am missing something)
– Jonas Wilms
Mar 26 at 18:09
This was the reason they cited to me:The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.
– wolfPack
Mar 26 at 18:18
Aah ... they do have a point there, haven't thought of that.
– Jonas Wilms
Mar 26 at 18:19
Why do you want to hide it? If you fear that a man in the middle could use it, use HTTPS.
– Jonas Wilms
Mar 26 at 17:32
Why do you want to hide it? If you fear that a man in the middle could use it, use HTTPS.
– Jonas Wilms
Mar 26 at 17:32
In production we do have it going over HTTPS. However our security team has still flagged it and are requiring that it be removed from the URL entirely despite HTTPS.
– wolfPack
Mar 26 at 18:02
In production we do have it going over HTTPS. However our security team has still flagged it and are requiring that it be removed from the URL entirely despite HTTPS.
– wolfPack
Mar 26 at 18:02
Why though? ... That doesnt make anything more secure (or I am missing something)
– Jonas Wilms
Mar 26 at 18:09
Why though? ... That doesnt make anything more secure (or I am missing something)
– Jonas Wilms
Mar 26 at 18:09
This was the reason they cited to me:
The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.– wolfPack
Mar 26 at 18:18
This was the reason they cited to me:
The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.– wolfPack
Mar 26 at 18:18
Aah ... they do have a point there, haven't thought of that.
– Jonas Wilms
Mar 26 at 18:19
Aah ... they do have a point there, haven't thought of that.
– Jonas Wilms
Mar 26 at 18:19
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55363068%2fis-it-possible-to-remove-sid-from-socket-io-client-get-request-to-server%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Is this question similar to what you get asked at work? Learn more about asking and sharing private information with your coworkers using Stack Overflow for Teams.
Is this question similar to what you get asked at work? Learn more about asking and sharing private information with your coworkers using Stack Overflow for Teams.
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55363068%2fis-it-possible-to-remove-sid-from-socket-io-client-get-request-to-server%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Why do you want to hide it? If you fear that a man in the middle could use it, use HTTPS.
– Jonas Wilms
Mar 26 at 17:32
In production we do have it going over HTTPS. However our security team has still flagged it and are requiring that it be removed from the URL entirely despite HTTPS.
– wolfPack
Mar 26 at 18:02
Why though? ... That doesnt make anything more secure (or I am missing something)
– Jonas Wilms
Mar 26 at 18:09
This was the reason they cited to me:
The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.– wolfPack
Mar 26 at 18:18
Aah ... they do have a point there, haven't thought of that.
– Jonas Wilms
Mar 26 at 18:19