Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Custom headers into handshake #1

Open
adrianhopebailie opened this issue Sep 18, 2019 · 1 comment
Open

Custom headers into handshake #1

adrianhopebailie opened this issue Sep 18, 2019 · 1 comment

Comments

@adrianhopebailie
Copy link

Please allow developers to pass custom headers into the constructor so they can, for example, provide an Authorization header.
@ricea
Copy link
Owner

ricea commented Sep 24, 2019

It's not possible to implement HTTP Authentication in JavaScript because it is handled in the lower levels of the browser's network stack. JavaScript cannot read the 401 response from the server. This means that even if it was possible to provide an Authorization header, it would not be possible to get the semantics right.

WebSockets don't participate in CORS, which would mean the only headers that could safely be set are those on the CORS-safelisted request-header list. None of these are even meaningful for WebSockets.

One possible solution would be to add a CORS mode to WebSockets to permit CORS preflights to be sent. This is probably feasible, but would further encourage people to expect WebSockets to behave like HTTP. The addition of HTTP features to WebSockets has been an enormous source of problems, and it's not something I want to expand upon.

I am leaving this issue open because it is a common request, and it's possible a compelling use case will arise.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@adrianhopebailie @ricea