nuharaf
commented
5 years ago This is the problem with browser websocket api. Auth header on websocket handshake can't be set
https://stackoverflow.com/questions/4361173/http-headers-in-websockets-client-api#4361358
Hi,
I have a site served by lighttpd that uses the mqtt javascript client to get data to and from a mqtt broker on the same machine via websockets. This works.
When using digest authorization provided by lighttpd on firefox 61, authorization tokens are sent to the server when requesting files (pages). This works too.
For step one for protection of the broker, I am using lighttpd's mod_proxy to locally forward a different websockets port to that of the broker. This also works.
When enabling lighttpd's digest authorization, I have to and can login to make the site load, but lighttpd denies access to the js mqtt client with code 401 (Unauthorized). In the server logs I see Authorization headers are sent to the server for regular file requests, but for the mqtt requests they are not and thus the requests are rejected by lighttpd and we can't talk mqtt.
So my question is, is not sending authorization headers expected behaviour? Can they be sent after some work?
Thanks, JB