New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EXTRA HEADER with Websocket only #1356
Comments
https://github.com/socketio/engine.io-client/blob/master/lib/transports/websocket.js#L63 By read source code mentioned above, you can make this work by: socketIO('https://example.org', {
path: '/api/endpoint',
transports: ['websocket'],
transportOptions: {
websocket: {
extraHeaders: {
Cookie: 'It works',
},
},
},
}); And even this: socketIO('https://example.org', {
path: '/api/endpoint',
transports: ['websocket'],
extraHeaders: {
Cookie: 'It works',
},
}); |
Based on the source code snippets indeed looks like there is no restriciton, but did you test it? I am going to test it later when I have time, but if it works then the documentation needs update, since: https://socket.io/docs/client-api/#With-extraHeaders:
It states otherwise... |
Hey guys. |
@najibghadri @behruzz It works for me with above example, and don't put extreHeader under polling |
It works for me when runninng in nodejs, it does not when running in chrome. This cannot be done as it is not supported by the browsers api https://developer.mozilla.org/en-US/docs/Web/API/WebSocket |
It seems that somebody thinks it should work, since also according to the documentation:
By the way, if you can't use cookies, does this basically mean you can only use IP addresses for sticky balancing? |
@AvailCat please note that the examples you provided will not work in the browser @rotvr if you only use the WebSocket transport, you don't need sticky session, since the WebSocket connection (and the underlying TCP connection) is kept open during the whole session. If you do use the polling transport, the first HTTP request sets a cookie ( More information here: https://socket.io/docs/using-multiple-nodes/ See also: socketio/engine.io-client#635 (comment) |
@darrachequesne is there a workaround to set custom headers in the browser? |
@satpal-07 if you are using only websockets, there is currently no workaround (this is not covered by the WebSocket spec). If you are using HTTP long-polling (enabled by default), this will work: import { io } from "socket.io-client";
const socket = io({
extraHeaders: {
"my-custom-header": "1234"
}
}); Reference: https://socket.io/docs/v4/client-initialization/#extraHeaders |
Thanks @darrachequesne for your reply. I am using websockets only, I need to pass a token to backend from browser along with the websocket connection request and the token will be validated in a F5 server before the request allowed to hit the socket server. I am considering to use the query option. Is this something that will work?
|
@satpal-07 yes, this should totally work 👍 Please note that your token will be sent in the query parameters of the request, and will thus be URL-encoded. |
I do not think sending the access token inside a query params is a wise thing to do. Refer below link for reference. Instead you can send the accesstoken in the auth key. Client
Server
|
Would it be an option for in-browser use, to load the token in the request body of the websocket message, instead of directly in the headers? That way, a reverse proxy or load balancer could move the request body to a header, which then could be used internally for load balancing, authentication, or other header-based handeling. |
@Robbert-Brand unfortunately, the WebSocket API for the browser does not allow sending a request body within the HTTP upgrade request. What could be done is send a first HTTP request, retrieve a cookie, and then open the WebSocket connection. |
For future readers, to send some credentials when only using WebSocket, you should use the const socket = io({
transports: ['websocket'],
auth: {
token: 'some-token-value'
}
}); |
Extra header is currently not supported with websocket only connection. In the documentation you said the RFC 6455 doesn't "honour it".
If you look at page 22/ 10
https://tools.ietf.org/html/rfc6455#page-22
Clearly it supports it, and I personally find it very useful too. Also it is not that complicated with the ws library that engine.io uses.
Any support? Thanks
The text was updated successfully, but these errors were encountered: