W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2015

[WebSocket API]: Missing request header fields option

From: Martin Altenstedt <martin.altenstedt@gmail.com>
Date: Sun, 25 Jan 2015 10:33:24 +0000
Message-ID: <CAB1NwPU4Tf88cBucBkE_PXvjx_ijgSiF+Tet0SOOjxxWsaaeKg@mail.gmail.com>
To: public-webapps@w3.org
The problem:

In section 4, "The WebSocket interface", there is no option in the
constructor to pass in custom request header fields. This is a problem when
I am developing an active client ("SPA"), using token-based authentication
(like OAuth).

Proposed solution:

The WebSocket(url, protocols) constructor currently takes one or two
arguments. I propose a third, optional argument "headers" that allow the
application to add custom headers to the HTTP opening handshake message.


For OAuth protected resource servers, a bearer token is sent in the
Authorization request header field. There is no way for me to pass this
bearer token in an opening handshake exchange since the WebSocket API does
not allow me to set request header fields.

Received on Monday, 26 January 2015 13:23:54 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:27:25 UTC