Closed RubenVerborgh closed 4 years ago
We right now use a hack https://github.com/solid/react-components/blob/6ea5e5b975a91b9734f2faea5f05e013718ed773/src/UpdateTracker.js#L58 to guess the websocket URL, which of course is not a best practice.
Instead, we should determine it from the request headers. Naively, we could just make a quick HEAD request to the server for every resource we track.
HEAD
To not have to issue that extra request, we probably want to keep track of every request that gets through: https://github.com/solid/react-components/blob/6ea5e5b975a91b9734f2faea5f05e013718ed773/src/UpdateTracker.js#L95 and read the headers on response. I don't think solid-auth-client supports that, and might even be a security risk to allow that. So perhaps we should stick to the extra request for now.
We right now use a hack https://github.com/solid/react-components/blob/6ea5e5b975a91b9734f2faea5f05e013718ed773/src/UpdateTracker.js#L58 to guess the websocket URL, which of course is not a best practice.
Instead, we should determine it from the request headers. Naively, we could just make a quick
HEADrequest to the server for every resource we track.To not have to issue that extra request, we probably want to keep track of every request that gets through: https://github.com/solid/react-components/blob/6ea5e5b975a91b9734f2faea5f05e013718ed773/src/UpdateTracker.js#L95 and read the headers on response. I don't think solid-auth-client supports that, and might even be a security risk to allow that. So perhaps we should stick to the extra request for now.