One problem I had with WebSockets is that you cannot set custom HTTP headers when opening the connection. I wanted to implement JWT-based authentication in my backend and had to pass the token either as a query parameter or in a cookie.
Does anyone know the rationale behind this limitation?
The workaround/hack is to send your token via the "Sec-WebSocket-Protocol" header, which is the one header you're allowed to set in the browser when opening a connection. The catch is that your WebSocket server needs to echo this back on a successful connection.
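A server-side sketch of the "Sec-WebSocket-Protocol" workaround described above, as an added example that is not code from either poster. It assumes the client offers two values, an application subprotocol and a prefixed token, so the server can echo the application subprotocol instead of reflecting the token; `APP_PROTOCOL`, `TOKEN_PREFIX`, `negotiate` and `demoVerify` are hypothetical names, and the token verifier is passed in by the caller.

```javascript
// Added example: server-side handling of the Sec-WebSocket-Protocol workaround.
// Assumed names (not from the posts): APP_PROTOCOL, TOKEN_PREFIX, negotiate().
const APP_PROTOCOL = "chat.v1"; // hypothetical application subprotocol
const TOKEN_PREFIX = "bearer."; // hypothetical marker for the token entry

// Split the comma-separated header value into trimmed, non-empty entries.
function parseOffered(headerValue) {
  if (typeof headerValue !== "string") return [];
  return headerValue.split(",").map((s) => s.trim()).filter((s) => s.length > 0);
}

// Decide the handshake outcome. verifyToken comes from the caller (your JWT
// library) and must return the claims object, or null for an invalid token.
function negotiate(headerValue, verifyToken) {
  const offered = parseOffered(headerValue);
  const tokens = offered.filter((p) => p.startsWith(TOKEN_PREFIX));
  // Require exactly one token entry: reject missing or ambiguous credentials.
  if (tokens.length !== 1) return { status: 401, reason: "missing or duplicate token" };
  if (!offered.includes(APP_PROTOCOL)) return { status: 400, reason: "unsupported subprotocol" };
  const claims = verifyToken(tokens[0].slice(TOKEN_PREFIX.length));
  if (!claims) return { status: 401, reason: "invalid token" };
  // Echo only the application protocol: it is one of the offered values, so the
  // client accepts it, and the token is not reflected in the response headers.
  return {
    status: 101,
    responseHeaders: { "Sec-WebSocket-Protocol": APP_PROTOCOL },
    claims,
  };
}

// Browser side: new WebSocket(url, [APP_PROTOCOL, TOKEN_PREFIX + jwt])

// Constructed stand-in verifier so the example runs offline. It accepts one
// fixed sample string and is NOT a real JWT signature check.
const SAMPLE_TOKEN = "aaa.bbb.ccc"; // constructed, JWT-shaped placeholder
function demoVerify(token) {
  return token === SAMPLE_TOKEN ? { sub: "user-1" } : null;
}
```

The header value still passes through any proxy or server that logs request headers, so treat "Sec-WebSocket-Protocol" as sensitive in access-log configuration.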