-
Improvement
-
Resolution: Unresolved
-
Normal
-
None
-
None
Apparently, it is impossible to attach custom HTTP headers to WebSocket request the same way that we do for XHR.
Instead of using headers, we have decided to follow a pattern similar to the one outlined by this article. We already use a "token" system similar to their "ticket" concept, so we should just need to modify the API server slightly to handle a special "auth" event.
An example "auth" event might look like this:
{ "action": "auth", args: [ token, namespace, ip ] }
|
Or with named parameters:
{ "action": "auth", args: { "token": token, "namespace": namespace, "source": ip } }
|
This ticket is complete when:
- The CLI uses this new authentication method to perform console interactions:
- The server accepts all WebSocket connections without auth, but only allows on command
- The server handles a special "auth" event, that allows user to actually fully use the WebSocket