dunglas / mercure

🪽 An open, easy, fast, reliable and battery-efficient solution for real-time communications
https://mercure.rocks
GNU Affero General Public License v3.0

Are the JS examples / demo valid? How to handle SSE errors/reconnects? #377

Closed mkrakiewicz closed 3 years ago

mkrakiewicz commented 4 years ago

Hi, I'm trying to subscribe with auth to Mercure. The native EventSource works OK without authentication.

TL;DR: the JS lib https://github.com/Yaffle/EventSource, used in the examples for custom header auth, constantly throws errors for me in the development version.

AFAIK to authenticate I need to either:

a) use cookies (but this requires having Mercure and WWW on the same domain, which is very restricting)

b) use JS polyfills to send a custom header with Authorization: Bearer

c) it seems it's not possible to send the JWT simply as a query parameter?

I've tried to use cookies but it fails for different domains (I need this for testing at the moment). So I've turned to polyfills but they would throw weird errors, so I looked into the demo to get the exact lib&version (since it works and doesn't throw any errors * ):

[Screenshot 2020-09-24 at 10 19 46]

The @1 is in fact 1.0.20 now: https://cdn.jsdelivr.net/npm/event-source-polyfill@1.0.20

In the demo, or when I use the CDN version, I see no errors in the console.

But I work with webpack as it should be, and I assume most people do. When I use the non-minified version of this lib I get errors every ~15 seconds:

[Screenshot 2020-09-24 at 10 51 06] [Screenshot 2020-09-24 at 10 53 49]

The code still works, but the errors are unexpected.

So, does the demo use correct js for error handling? How to handle those errors / reconnects properly? Because this doesn't happen in the native EventSource.

* - It seems it only doesn't throw errors all the time, because it uses a minified version, which has stripped console.error calls.

EDIT:

I've downgraded the version to 1.0.19, and the console log is removed and I can use a listener to get errors manually.

soyuka commented 4 years ago

It looks like you have issues with the polyfill version indeed. I'd suggest that you open an issue there to help with handling errors.

I have used this with cookies for authorization, as they work well and are secure. Indeed, you have to specify cookie policies for it to work (see https://mercure.rocks/spec#authorization). Note also that with HttpOnly cookies this authorization is pretty transparent for the JavaScript developer.

> it seems it's not possible to send the JWT simply as a query parameter?

No, you can't.

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.