In websockets its not possible to send an authorization header, so I’ve had to resort to sending in the authention token as a query param to the websocket URL. But, is there a directive to handle the authorization, which doesn’t rely on the header? Or another way to authenticate websocket connections?
In websockets its not possible to send an authorization header …
Are you sure about that? I had this old sample of Basic Auth and WebSocket laying around: https://gist.github.com/johanandren/964672acc37b84caca40
Didn’t test it now but I think it should work fine.
It may have worked in unit tests but wouldn’t work in actual browser based websockets
Thanks for linking that back, sounds like a parameter is the way to go from that SO answer.