bjowes / cypress-ntlm-auth

Windows authentication plugin for Cypress
MIT License

Issue with WebSocket #133

Closed jonasraoni closed 2 years ago

jonasraoni commented 3 years ago

Hi @bjowes!

Thanks for the plugin, I'd have a harder time testing my SPAs without it :)

The plugin is working fine with standard HTTP requests, but it looks like the WebSocket authentication is failing 🤔 Well, I'll inspect later; for now I've just modified the connection to "long polling" mode so as not to stay stuck.

bjowes commented 3 years ago

Hi @jonasraoni - I'm glad it is useful 😀

I haven't tested the plugin with WebSocket, so there might be issues with that.

How is that intended to work? First the NTLM handshake over HTTP and then upgrade to WebSocket? I need to add some test cases so I need to understand it.

bjowes commented 3 years ago

After setting up a test environment with websockets, I can confirm that the plugin does not support authenticated websockets. Websockets without authentication work fine. Is this an odd use case? I found some links indicating that even Chrome does not support authentication on websockets. I will look into it regardless; if it isn't very complex, I'll implement it.

jonasraoni commented 3 years ago

Hmm, I'm not sure how often this is used in the wild. As I'm dealing with confidential information I've decided to enable the authentication everywhere I could. Well, I'll be using my alternative fix. Keep up the good work =]

bjowes commented 3 years ago

I've been looking more into this. Could you provide some more details? I need to simulate the setup to try out an implementation. Which browser? Which web server? And I presume you mean Windows authentication (NTLM or Negotiate using HTTP headers) when you say "authenticated websocket", since there are other means for websocket authentication.

creage commented 3 years ago

@jonasraoni Mind sharing your solution? 😃

jonasraoni commented 3 years ago

@bjowes I'm just testing things in Chrome, Edge and IE11 (👀), the server is .NET Core 3.1 (HttpSys). Yeah, all the authentication is done through NTLM.

@creage I'm using the WebSocket client for SignalR and it has some fallback implementations (long-polling/server-sent events) which use simple HTTP requests, so it's somehow acceptable for me. Another way would be to disable the authentication requirement in the server while testing 💩

bjowes commented 2 years ago

Since this seems like a rare use case, there are no plans to add it to the plugin for now.