Skip to content

Added extra headers#35

Open
doubledonaz wants to merge 4 commits intotreeform:masterfrom
doubledonaz:master
Open

Added extra headers#35
doubledonaz wants to merge 4 commits intotreeform:masterfrom
doubledonaz:master

Conversation

@doubledonaz
Copy link

@doubledonaz doubledonaz commented Apr 7, 2022

Hello,

First of all, thank you for this library. It's really useful.
The reason of this pull request is that in my scenario I need to authenticate a websocket client with HTTP Basic Authentication, but at the moment it is not possible to add a personal header in an easy way when the websocket is created.
So I propose to add a list of personal headers when the websocket is created.
I've already tested this new feature in my project and it works fine.

@doubledonaz
Added extra headers param in proc newWebSocket
e1960c9 
Allowed the creation of WebSocket with personal headers like HTTP Bearer Authentication
@doubledonaz
Added test for extra headers
34d73e3
@doubledonaz
Merge branch 'extra-headers'
f2d76fe
@treeform
Copy link
Owner

treeform commented Apr 9, 2022

Sorry I don't know that I want this...

The correct way to do webSocket authentication is to have a authentication packet of your own format you send first before doing anything else.

Even though it makes since to send headers with webSocket, its not really supported anywhere. Chrome/Firefox don't support it. Although its slowly making it into the spec I don't feel its there yet:

https://bugzilla.mozilla.org/show_bug.cgi?id=1229443
https://stackoverflow.com/questions/6714966/basic-authentication-for-websockets
https://websockets.readthedocs.io/en/latest/topics/authentication.html

I feel like providing a way for people to send headers and auth is basically a trap, as it is so badly supported anywhere. I don't want to lead people into a trap.

@sillagiusti
Copy link

sillagiusti commented Apr 26, 2022
edited
Loading

Sorry I don't know that I want this...

The correct way to do webSocket authentication is to have a authentication packet of your own format you send first before doing anything else.

Even though it makes since to send headers with webSocket, its not really supported anywhere. Chrome/Firefox don't support it. Although its slowly making it into the spec I don't feel its there yet:

https://bugzilla.mozilla.org/show_bug.cgi?id=1229443 https://stackoverflow.com/questions/6714966/basic-authentication-for-websockets https://websockets.readthedocs.io/en/latest/topics/authentication.html

I feel like providing a way for people to send headers and auth is basically a trap, as it is so badly supported anywhere. I don't want to lead people into a trap.

Hi,
I'm interested about it.
You described a web application scenario, but if you're going to implement a protocol over Websocket like WAMP, you don't have a browser and as you reported from this link where ietf is quoted:

This protocol doesn't prescribe any particular way that servers can
authenticate clients during the WebSocket handshake. The WebSocket
server can use any client authentication mechanism available to a
generic HTTP server, such as cookies, HTTP authentication, or TLS
authentication."

there are no reasons to limit custom headers IMHO.

@sillagiusti
Copy link

sillagiusti commented May 30, 2022

Any news?

@iffy
Copy link

iffy commented Dec 16, 2022

I also want to customize the headers I send for authenticating my custom ws client to my custom ws server.

@treeform treeform mentioned this pull request May 5, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@doubledonaz @treeform @sillagiusti @iffy

Comments