The problem:

In section 4, "The WebSocket interface", there is no option in the
constructor to pass in custom request header fields. This is a problem when
I am developing an active client ("SPA"), using token-based authentication
(like OAuth).

Proposed solution:

The WebSocket(url, protocols) constructor currently takes one or two
arguments. I propose a third, optional argument "headers" that allow the
application to add custom headers to the HTTP opening handshake message.

Rationale:

For OAuth protected resource servers, a bearer token is sent in the
Authorization request header field. There is no way for me to pass this
bearer token in an opening handshake exchange since the WebSocket API does
not allow me to set request header fields.

https://tools.ietf.org/html/rfc6749
https://tools.ietf.org/html/rfc6750

Reply via email to