Theia API Documentation v1.73.0
    Preparing search index...

    Validates WebSocket and HTTP requests using a cookie-based connection token.

    In browser deployments, the server generates a random token at startup and sets it as a SameSite=Strict; HttpOnly cookie on the first page load. Cross-origin pages cannot obtain or send this cookie, so their requests are rejected.

    This complements the origin validator: non-browser callers that omit the Origin header (e.g. Node.js scripts) still cannot reach the backend without the cookie.

    Skipped in Electron deployments (which use their own ElectronSecurityToken).

    Implements

    Index

    Constructors

    Properties

    browserConnectionToken: BrowserConnectionToken
    earlyMiddleware: EarlyExpressMiddleware

    Methods