-1

I am trying to figure out how to add a header with an authorization token to a WebSocket connection, after it has been established. Basically, to use a cookie in order to validate each message in the connection.

There is a great discussion at HTTP headers in Websockets client API already, yet it did not really help me.

One of the the suggestions there was to do:

document.cookie = 'X-Authorization=' + token + '; path=/';

Unfortunately, it did not help me.

func handler(ws *websocket.Conn, h *Hub) {
    go h.run()
    h.addClientChan <- ws
    for {
        config := ws.Config()
        fmt.Println("Headers length:", len(config.Header))
        ...

Shows a map with 0 elements before and after I add the cookie.

Is it possible to alter WebSocket connection headers, after the connection has been established?

Do I even need to add an authorization token to a WebSocket connection, provided I authenticate each time, or is it only useful to re-establish a connection and just a useless check after the fact?

Igor Shmukler
  • 1,742
  • 3
  • 15
  • 48
  • Could you please show full code of golang server? Perhaps you're fetching headers in the wrong way. – Roman Kiselenko Jul 22 '19 at 07:13
  • Thank you for taking a look. Not positive that more code here will help, but I added a couple more lines. Since everything else is running, assuming that `ws` is valid. Right? I am able to receive messages from this WebSocket - `ws` a few lines further down. – Igor Shmukler Jul 22 '19 at 07:18
  • Please add more relevant code, it still unclear which library you're using, how all setuped and all other stuff. – Roman Kiselenko Jul 22 '19 at 07:23
  • I am using `"golang.org/x/net/websocket"`, The thing is setup with `http.NewServeMux()` and `mux.Handle()`. Is it possible to add headers to a WebSocket connection after it has been established? – Igor Shmukler Jul 22 '19 at 07:33

1 Answers1

4

Is it possible to alter WebSocket connection headers, after the connection has been established?

You can't set a cookie upon receipt of a WebSocket message. Once the WebSocket connection has been established, it's an open TCP socket and the protocol is no longer http, thus there is no built-in way to exchange cookies.

You can use authorizathion on the first http request, where both sides establish protocol for exchange data.

Roman Kiselenko
  • 43,210
  • 9
  • 91
  • 103