abstract fun setAllowedOrigins(vararg origins: String): WebSocketHandlerRegistration
Configure allowed Origin header values. This check is mostly designed for browser clients. There is nothing preventing other types of client to modify the Origin header value.
When SockJS is enabled and origins are restricted, transport types that do not allow to check request origin (JSONP and Iframe based transports) are disabled. As a consequence, IE 6 to 9 are not supported when origins are restricted.
Each provided allowed origin must start by "http://", "https://" or be "*" (means that all origins are allowed). By default, only same origin requests are allowed (empty list).
Since
4.1.2
See Also
<a href="https://tools.ietf.org/html/rfc6454">RFC 6454: The Web Origin Concept</a><a href="https://github.com/sockjs/sockjs-client#supported-transports-by-browser-html-served-from-http-or-https">SockJS supported transports by browser</a>