public function onHandshake(Request $request, Response $response)
{
// During handshakes, you should always check the origin header, otherwise any site will
// be able to connect to your endpoint. Websockets are not restricted by the same-origin-policy!
$origin = $request->getHeader("origin");
if ($origin !== "http://localhost:1337") {
$response->setStatus(403);
$response->send("<h1>origin not allowed</h1>");
return null;
}
// returned values will be passed to onOpen, that way you can pass cookie values or the whole request object.
return $request->getConnectionInfo()["client_addr"];
}