As we have in socket.io - enable the server to reject the socket based on the original request. Potentially saves app-specific handshake packets, I say +1 for adding this.
I believe this is almost closed by #243. The only thing really left to do is for allowRequest to reject the request with a custom message, and not one of the predefined codes, so the client can get an app-specific rejection.
Closing, allowRequest does the job.