EXTRA HEADER with Websocket-only

Question

EXTRA HEADER with Websocket-only

najibghadri opened this issue 4 years ago · comments

Extra header is currently not supported with websocket only connection. In the documentation you said the RFC 6455 "does not honor" it.
If you look at page 22/ 10
https://tools.ietf.org/html/rfc6455#page-2

Optionally, other header fields, such as those used to send
cookies or request authentication to a server. Unknown header
fields are ignored, as per [RFC2616].

Clearly it supports other headers. My main use for it would be exactly authentication. Also it is not that complicated with the ws library that engine.io uses.
Any support? Thanks

Damien Arrachequesne · Answer 1 · Thu Jun 04 2020 16:53:32 GMT+0800 (China Standard Time)

Hi! I think there are two possible workarounds:

abuse the protocols attribute:

new WebSocket('https://myserver.com', ['header1=abc', 'header2=123']);

use basic authentication (though it is not supported by all browsers)

new WebSocket('https://john:doe@myserver.com');
// so that the request includes 'Authorization: Basic ...'

But I'm quite sure both options are not a good idea. WDYT?

Damien Arrachequesne · Answer 2 · Sat Dec 05 2020 08:18:13 GMT+0800 (China Standard Time)

Closed due to inactivity, please reopen if needed.