Apparently, it is impossible to attach custom HTTP headers to WebSocket request the same way that we do for XHR.
Instead of using headers, we have decided to follow a pattern similar to the one outlined by this article. We already use a "token" system similar to their "ticket" concept, so we should just need to modify the API server slightly to handle a special "auth" event.
An example "auth" event might look like this:
Or with named parameters:
This ticket is complete when:
- The CLI uses this new authentication method to perform console interactions:
- The server accepts all WebSocket connections without auth, but only allows on command
- The server handles a special "auth" event, that allows user to actually fully use the WebSocket