Closed mrkmrtns closed 8 months ago
What usage scenarios require a dynamic Sec-WebSocket-Protocol ?
Sec-WebSocket-Protocol
is used for packing into there also session credentials - it allows us to check at time connection is created if You are allowed to establish it in first place. We do not want to allow establish connection at all if You are not allowed to.
Another option would be to use query
parameters for that, but for obvious reasons it's not good idea to set it that way. Afaik using SubProtocols
is the only way You can send it in header from browser
.
So we can say there is practically infinite numbers of those, one per valid session.
The original was to use sub-protocols for authentication, not a recommended practice, but it works.
This can be achieved without modifying the gws source code
let ws = new WebSocket($addr, ['gws', $token])
upgrader := gws.NewUpgrader(&Handler{}, &gws.ServerOption{
SubProtocols: []string{"gws"},
})
The server can then get the token from the request header
When sending "multiple" then it indeed works, although with just token
would be nicer imo. As I see You do not want to add overwrite option - then can workaround as You suggested.
Problem
We have problem that
SubProtocols
are not known beforehand and are rather dynamic. Therefore we need capability to specify support subprotocols for everywebsocket
connection.I made it by adding next to
Upgrade
functionUpgradeWithOptions
.https://github.com/lxzan/gws/compare/master...mrkmrtns:gws:upgradewithoptions You can check it out here, if it suits for You then I can prepare PR.
UpgradeOptions
struct can be extended in future for any other overwrites/opts - currently added there onlySubProtocols
for our need.Any questions/recommendations are welcome.