Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to provide custom sec-websocket-protocol header #147

Open
themeeman opened this issue Oct 2, 2024 · 0 comments
Open

Add ability to provide custom sec-websocket-protocol header #147

themeeman opened this issue Oct 2, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@themeeman
Copy link

What is the problem this feature would solve?

The WebSocket browser API is a bit broken, and annoyingly doesn't support passing custom headers. I've done a lot of research, and it seems the most secure and efficient way to handle authentication with websockets is smuggling authentication tokens in the sec-websocket-protocol header. Browsers support this as the second parameter to the WebSocket constructor, i.e. const ws = new WebSocket("wss://localhost:3000/ws", [authToken]);.

I managed to implement this in my Elysia backend, but my hurdle to using Treaty is this method isn't supported, as supplying custom headers entirely isn't supported by the browsers. This however would be very simple to add.

What is the feature you are proposing to solve the problem?

Add a third parameter to Treaty.Create.subscribe, protocols: string[], which would be passed into the internal WebSocket constructor's second argument.

What alternatives have you considered?

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@themeeman