WebSocket Origin Validation
When a browser initiates a WebSocket connection, it automatically includes an Origin header that denotes the domain from which the request originates. With Wallarm API Firewall, you can ensure that the value of the Origin header matches your predefined list during the upgrade phase of the WebSocket connection. This article outlines the steps to enable Origin validation for GraphQL queries.
By default, the WebSocket Origin validation feature is disabled. To activate it, configure the following environment variables:
| ||Enables the validation of the |
| ||The list of allowed origins for WebSocket connections. Origins are separated by |
APIFW_GRAPHQL_WS_CHECK_ORIGIN operates independently of APIFW_GRAPHQL_REQUEST_VALIDATION. WebSocket requests with incorrect Origin headers will be blocked regardless of the request validation mode.
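
To make the check described above concrete, here is an added Go example (not Wallarm API Firewall code) of an allowlist comparison applied to the Origin header of a WebSocket upgrade request. The function names, the allowlist passed as a slice, and the choices to reject a missing, repeated or `null` Origin and to match entries exactly are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// normalizeOrigin reduces an Origin value to lowercase scheme://host[:port]
// without a default port. Anything that is not a bare http(s) origin
// (empty, "null", userinfo, path, query, other scheme) yields "".
func normalizeOrigin(raw string) string {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil || u.Host == "" || u.User != nil || u.Path != "" || u.RawQuery != "" || u.Fragment != "" {
		return ""
	}
	host := strings.ToLower(u.Host)
	switch strings.ToLower(u.Scheme) {
	case "https":
		return "https://" + strings.TrimSuffix(host, ":443")
	case "http":
		return "http://" + strings.TrimSuffix(host, ":80")
	}
	return ""
}

// newOriginSet normalizes the configured allowlist once at startup.
func newOriginSet(allowed []string) map[string]bool {
	set := map[string]bool{}
	for _, a := range allowed {
		set[normalizeOrigin(a)] = true
	}
	delete(set, "") // drop entries that failed normalization
	return set
}

// originAllowed takes the Origin header values of one upgrade request
// (r.Header.Values("Origin") in net/http) and requires exactly one value
// that equals an allowlist entry; prefix or substring matches do not count.
func originAllowed(set map[string]bool, values []string) bool {
	return len(values) == 1 && set[normalizeOrigin(values[0])]
}

func main() {
	set := newOriginSet([]string{"https://app.example.com"}) // constructed allowlist
	for _, o := range []string{"https://app.example.com", "https://app.example.com.evil.test", "null"} {
		fmt.Printf("%-34s allowed=%v\n", o, originAllowed(set, []string{o}))
	}
}
```

Comparing normalized, whole origins avoids the common allowlist mistake of accepting any value that merely starts with or contains a trusted hostname.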