-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
extraHeader ignored in browser #976
Comments
Note for people who found this via google in the future: As a work around for now, I am passing the token in the query ( io.connect(undefined, { query : "token="+auth.getToken()} ); Then, on my server which is Hapi, I use hapi-auth-jwt2 which has a authentication strategy for tokens that has query parameter /?token= built in and enabled by default. Only use it with SSL. However I would like to use extraHeaders if possible. Thanks! |
Thanks @fullstackwebdev. I'm having trouble to find the documentation of the options. |
@fullstackwebdev I've been fighting with extraHeaders in an angular app all day. I too think extraHeaders during the initial handshake would be the best way. I just successfully implemented this concept which seems like a more elegant solution than passing query parameters. I think it should be safe if you are using SSL/wss. Basically, you let the socket connect, but then make the client pass their token in an 'authorize' message.
and this (client):
|
They have a point. If I remember correctly since sending headers is not the in the official spec of Websocket is not something they want to support. The way I fixed this in my case is by sending the value I want to send through a cookie. But query params works too. |
So this is supported now? |
So it seems like this was added to master. Does anyone know if other clients (android,ios) will implement this soon ? |
@vitriol @gaastonsr this is related to socketio/engine.io-client#554 |
@fullstackwebdev since const socket = io({
transportOptions: {
polling: {
extraHeaders: {
'x-clientid': 'abc'
}
}
}
}); Added to the documentation here. |
This issue should be reopened for the
So, there's no rule against setting other headers from the browser, when establishing WebSocket connections - quite the contrary. By coincidence or not, I landed here precisely because of an authentication problem. The engine.io-client's documentation should be ammended, too. |
I got it, you're missing a proper API in browser. Damn. |
From client side. You must to inverse your transport mode like that : ['polling', 'websocket'] and set withCredentials: true to activate credentials cookies and extraheaders |
This line, seems to detect if we are in a node.js environment:
socket.io-client/socket.io.js
Line 2177 in 13002fb
However, I am trying to set in the browser (Angular) :
extraHeaders : { Authorization : 'Bearer xxxx' }
for JWT authentication to my REST service, hapi-io, which supports token authentication for websockets.
How else can I set a header or accomplish the same thing?
If I comment code around 2177, it doesn't not send the header.
Thanks
The text was updated successfully, but these errors were encountered: