We should write a few simple tests to see which implementations require acl:Read access to receive notifications about a given resource on websockets-pubsub. The test suite [sends]() auth headers by default, but these were only a recent proposal and I think most implementations ignore them and just stream notifications to anyone who connects and asks for it. Related to the age-old https://github.com/solid/node-solid-ws/issues/1.
The reporting on these tests should obviously reflect that auth headers are still experimental in websockets-pubsub and they are not yet required by the spec. Still, it's a potential security issue if they're ignored, so worth testing.
We should write a few simple tests to see which implementations require
acl:Read
access to receive notifications about a given resource on websockets-pubsub. The test suite [sends]() auth headers by default, but these were only a recent proposal and I think most implementations ignore them and just stream notifications to anyone who connects and asks for it. Related to the age-old https://github.com/solid/node-solid-ws/issues/1.The reporting on these tests should obviously reflect that auth headers are still experimental in websockets-pubsub and they are not yet required by the spec. Still, it's a potential security issue if they're ignored, so worth testing.