Basic authentication for websites

Question

Basic authentication for websites

When I create a new websocket using chrome

new WebSocket('ws://gert: passwd@127.0.0.1 :8001/dbname')

Nodejs server gets

 GET /dbname HTTP/1.1 Upgrade: WebSocket Connection: Upgrade Host: 127.0.0.1:8001 Origin: http://127.0.0.1:8000 Sec-WebSocket-Key1: ' 5 5) 4 1e a9 9 0 19 Sec-WebSocket-Key2: 3000909100 Q

How to get gert and passwd?

+6

node.js google-chrome

Gert cuykens Jul 16 '11 at 2:53

source share

5 answers

Chrome did not pass the authorization header as part of the update request. This led to authentication failure.

The problem seems to be fixed in the latest chrome here

+5

Yogaraj baskaravel Oct 17 '14 at 8:38

source share

The Authorization header was not mentioned in the WebSocket specification prior to Hybi-13 . Chrome implements hybi-00 and hybi-10 (depending on the version of Chrome), so it did not require implementation.

Now that it’s mentioned in the protocol, perhaps Google will implement it, but I wouldn’t guarantee that “user: pass @ ...” in the URI will definitely have a way to do this, this may require changing the API of the WebSocket browser.

+4

Chad Oct 11 '11 at 21:15

source share

SSL

I found this link in Quora .

I agree that you can use SSL and just send these credentials as the first message.

Socket.io

You can also use socket.io, which also has web descriptor wrapping for authorizing

+3

Alfred Jul 16 '11 at 11:23

source share

Chrome sends network connected cookies. If you have a session cookie, you can use the session cookie to identify the user initiating the connection to the web server.

+1

Fabian jakobs Jul 31 '13 at 13:17

source share

Andrey Sidorov · Accepted Answer · 2011-07-16T08:55:19+0000

it seems that chrome does not pass the basic auth data in the ws headers. Why not log in to / pwd as part of the url query string? (and use secure wss)

Basic authentication for websites

SSL

Socket.io

More articles: