[
https://issues.apache.org/jira/browse/JAMES-3457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17302218#comment-17302218
]
Benoit Tellier commented on JAMES-3457:
---------------------------------------
While starting implementing the PUSH in our webMail we encountered the
following difficulty:
JMAP needs HTTP headers to work: Authorization (for authentication) and Accept
(to specify jmap version)
Using WebSocket API
(https://developer.mozilla.org/en-US/docs/Web/API/WebSocket) we cannot send
HTTP headers.
It is possible with node libraries (https://www.npmjs.com/package/ws,
https://socket.io/) and with command-line clients
(https://github.com/vi/websocat) but the aim of jmap-client-ts is to be used on
web browsers (Firefox, Chrome, ...)
This post on StackOverflow
(https://stackoverflow.com/questions/4361173/http-headers-in-websockets-client-api)
explains it is not possible to pass headers with WebSocket API and proposes
some alternatives.
In the JMAP WebSocket draft
(https://tools.ietf.org/html/draft-ietf-jmap-websocket-07#section-4.1), there
is no other way of authentication than the request initiating the WebSocket, so
with HTTP headers.
This issue (https://github.com/whatwg/html/issues/3062) asks for support of
HTTP headers for WebSocket on browsers, there is also a comment mentioning JMAP
(https://github.com/whatwg/html/issues/3062#issuecomment-722021171)
Possible solutions:
- The WebSocket does not need authentication to be established, the content
of the HTTP headers are instead sent on the first message by the client.
if no auth header is specified on the HTTP handshake, to expect an
Authentication ballot as first message:
```
{ "@type": "Authorization", "Authorization":"Bearer GABOUZOMEUH" }
```
Some alternatives to this approach might be:
- The content of the HTTP headers are instead transmitted by query parameters
though it is not very secure.
- The content of the HTTP headers are instead transmitted by the protocols
list (this will set a header Sec-WebSocket-Protocol) though this is not what
the header is intended to do.
> Support JMAP HTTP PUSH
> ----------------------
>
> Key: JAMES-3457
> URL: https://issues.apache.org/jira/browse/JAMES-3457
> Project: James Server
> Issue Type: Sub-task
> Components: JMAP
> Reporter: Benoit Tellier
> Assignee: Antoine Duprat
> Priority: Major
>
> https://github.com/iNPUTmice/jmap/issues/26
> That would be awesome to have James as one of the first implementors of the
> JMAP RFC-8620 Push mechanism.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
