Passing headers while establishing the contact

[abdulbasit1248]

Could anyone explain that how we can pass the auth-token in ActionCableProvider in order to authenticate the user in the backend rails app.
One way is to pass the auth-token in the URL string. But it is not a secure method. The auth token can be seen easily in the logs at the backend.

[cameronbourgeois]

I'm just setting this up, and I agree that this would be a very useful feature.

One solution I am thinking of is to create a new API endpoint that generates and returns a nonce with expiry date for the authenticated user. That nonce can then be passed via the URL to the ActionCableProvider and then used to authenticate the user in my ApplicationCable::Connection. That way we aren't exposing the users primary authentication token via the URL.