Purpose of this Component

This component helps secure your server from unwanted web sites trying to connect users to your server. When a WebSocket connection from a browser is created it sends the web site URL the user is on in an HTTP header. This component will automatically close connections if the browser is not from the site(s) you're expecting.

Note: This component is bundled within the App class. By default, in Ratchet\App, OriginCheck is configured to only accept requests from the same domain as is passed to App's __construct.

Events triggered by this Component

As found in the API Docs: Triggered events are propagated through a HttpServerInterface object passed to the __construct.

  • onOpen (ConnectionInterface $conn, RequestInterface $request = null) - A new client connection has been opened
  • onClose (ConnectionInterface $conn) - A client connection is about to, or has closed
  • onError (ConnectionInterface $from, Exception $error) - An error has occurred with a Connection

Configuration properties

  • $allowedOrigins - An array of strings of origins (URLs) to allow.

Functions callable on Connections

  • send (string $message) - Send a message (string) to the client
  • close - Gracefully close the connection to the client

Wraps other components nicely

Wrapped by other components nicely


// Your shell script
use Ratchet\Http\OriginCheck;
use Ratchet\Http\HttpServer;
use Ratchet\Server\IoServer;

    $checkedApp = new OriginCheck(new MyHttpApp, array('localhost'));
    $checkedApp->allowedOrigins[] = 'mydomain.com';

    $server = IoServer::factory(new HttpServer($checkedApp));