Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added extra headers #35

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Added extra headers #35

wants to merge 4 commits into from

Conversation

doubledonaz
Copy link

Hello,

First of all, thank you for this library. It's really useful.
The reason of this pull request is that in my scenario I need to authenticate a websocket client with HTTP Basic Authentication, but at the moment it is not possible to add a personal header in an easy way when the websocket is created.
So I propose to add a list of personal headers when the websocket is created.
I've already tested this new feature in my project and it works fine.

@doubledonaz
Added extra headers param in proc newWebSocket
e1960c9 
Allowed the creation of WebSocket with personal headers like HTTP Bearer Authentication
@doubledonaz
Added test for extra headers
34d73e3
@doubledonaz
Merge branch 'extra-headers'
f2d76fe
@treeform
Copy link
Owner

treeform commented Apr 9, 2022

Sorry I don't know that I want this...

The correct way to do webSocket authentication is to have a authentication packet of your own format you send first before doing anything else.

Even though it makes since to send headers with webSocket, its not really supported anywhere. Chrome/Firefox don't support it. Although its slowly making it into the spec I don't feel its there yet:

https://bugzilla.mozilla.org/show_bug.cgi?id=1229443
https://stackoverflow.com/questions/6714966/basic-authentication-for-websockets
https://websockets.readthedocs.io/en/latest/topics/authentication.html

I feel like providing a way for people to send headers and auth is basically a trap, as it is so badly supported anywhere. I don't want to lead people into a trap.

@sillagiusti
Copy link

sillagiusti commented Apr 26, 2022
edited
Loading

Sorry I don't know that I want this...

The correct way to do webSocket authentication is to have a authentication packet of your own format you send first before doing anything else.

Even though it makes since to send headers with webSocket, its not really supported anywhere. Chrome/Firefox don't support it. Although its slowly making it into the spec I don't feel its there yet:

https://bugzilla.mozilla.org/show_bug.cgi?id=1229443 https://stackoverflow.com/questions/6714966/basic-authentication-for-websockets https://websockets.readthedocs.io/en/latest/topics/authentication.html

I feel like providing a way for people to send headers and auth is basically a trap, as it is so badly supported anywhere. I don't want to lead people into a trap.

Hi,
I'm interested about it.
You described a web application scenario, but if you're going to implement a protocol over Websocket like WAMP, you don't have a browser and as you reported from this link where ietf is quoted:

This protocol doesn't prescribe any particular way that servers can
authenticate clients during the WebSocket handshake. The WebSocket
server can use any client authentication mechanism available to a
generic HTTP server, such as cookies, HTTP authentication, or TLS
authentication."

there are no reasons to limit custom headers IMHO.

@sillagiusti
Copy link

Any news?

@iffy
Copy link

iffy commented Dec 16, 2022

I also want to customize the headers I send for authenticating my custom ws client to my custom ws server.

@treeform treeform mentioned this pull request May 5, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@doubledonaz @treeform @sillagiusti @iffy