EXTRA HEADER with Websocket-only
najibghadri opened this issue · comments
Extra header is currently not supported with websocket only connection. In the documentation you said the RFC 6455 "does not honor" it.
If you look at page 22/ 10
https://tools.ietf.org/html/rfc6455#page-2
- Optionally, other header fields, such as those used to send
cookies or request authentication to a server. Unknown header
fields are ignored, as per [RFC2616].
Clearly it supports other headers. My main use for it would be exactly authentication. Also it is not that complicated with the ws library that engine.io uses.
Any support? Thanks
Hi! I think there are two possible workarounds:
- abuse the protocols attribute:
new WebSocket('https://myserver.com', ['header1=abc', 'header2=123']);
- use basic authentication (though it is not supported by all browsers)
new WebSocket('https://john:doe@myserver.com');
// so that the request includes 'Authorization: Basic ...'
But I'm quite sure both options are not a good idea. WDYT?
Closed due to inactivity, please reopen if needed.