lxzan
commented
8 months ago What usage scenarios require a dynamic Sec-WebSocket-Protocol ?
Closed mrkmrtns closed 8 months ago
lxzan
commented
8 months ago What usage scenarios require a dynamic Sec-WebSocket-Protocol ?
mrkmrtns
commented
8 months ago Sec-WebSocket-Protocol is used for packing into there also session credentials - it allows us to check at time connection is created if You are allowed to establish it in first place. We do not want to allow establish connection at all if You are not allowed to.
Another option would be to use query parameters for that, but for obvious reasons it's not good idea to set it that way. Afaik using SubProtocols is the only way You can send it in header from browser.
So we can say there is practically infinite numbers of those, one per valid session.
lxzan
commented
8 months ago The original was to use sub-protocols for authentication, not a recommended practice, but it works.
This can be achieved without modifying the gws source code
let ws = new WebSocket($addr, ['gws', $token])upgrader := gws.NewUpgrader(&Handler{}, &gws.ServerOption{
SubProtocols: []string{"gws"},
})The server can then get the token from the request header
mrkmrtns
commented
8 months ago When sending "multiple" then it indeed works, although with just token would be nicer imo. As I see You do not want to add overwrite option - then can workaround as You suggested.
Problem
We have problem that
SubProtocolsare not known beforehand and are rather dynamic. Therefore we need capability to specify support subprotocols for everywebsocketconnection.I made it by adding next to
UpgradefunctionUpgradeWithOptions.https://github.com/lxzan/gws/compare/master...mrkmrtns:gws:upgradewithoptions You can check it out here, if it suits for You then I can prepare PR.
UpgradeOptionsstruct can be extended in future for any other overwrites/opts - currently added there onlySubProtocolsfor our need.Any questions/recommendations are welcome.