- From: Martin Altenstedt <martin.altenstedt@gmail.com>
- Date: Sun, 25 Jan 2015 10:33:24 +0000
- To: public-webapps@w3.org
Received on Monday, 26 January 2015 13:23:54 UTC
The problem: In section 4, "The WebSocket interface", there is no option in the constructor to pass in custom request header fields. This is a problem when I am developing an active client ("SPA"), using token-based authentication (like OAuth). Proposed solution: The WebSocket(url, protocols) constructor currently takes one or two arguments. I propose a third, optional argument "headers" that allow the application to add custom headers to the HTTP opening handshake message. Rationale: For OAuth protected resource servers, a bearer token is sent in the Authorization request header field. There is no way for me to pass this bearer token in an opening handshake exchange since the WebSocket API does not allow me to set request header fields. https://tools.ietf.org/html/rfc6749 https://tools.ietf.org/html/rfc6750
Received on Monday, 26 January 2015 13:23:54 UTC