是否可以对网络套接字升级请求使用承载身份验证? [英] Is it possible to use bearer authentication for websocket upgrade requests?

问题描述

用于打开Websocket连接的升级请求是标准的HTTP请求.在服务器端，我可以像其他请求一样对请求进行身份验证.就我而言，我想使用Bearer身份验证.不幸的是，在浏览器中打开Websocket连接时，无法指定标头，这使我认为无法使用承载身份验证来验证Web套接字升级请求.所以-我是否缺少某些东西，还是真的不可能?如果不可能，这是设计使然，还是对websocket API的浏览器实现的公然监督?

The upgrade request for opening a websocket connection is a standard HTTP request. On the server side, I can authenticate the request like any other. In my case, I would like to use Bearer authentication. Unfortunately, there is no way to specify headers when opening a websocket connection in the browser, which would lead me to believe that it's impossible to use bearer authentication to authenticate a web socket upgrade request. So -- Am I missing something, or is it really impossible? If it is impossible, is this by design, or is this a blatant oversight in the browser implementation of the websocket API?

推荐答案

是的，由于Javascript WebSocket API的设计，现在无法使用Authentication标头. 在此线程中可以找到更多信息: Websockets客户端API中的HTTP标头

You are right, it is impossible for now to use Authentication header, because of the design of Javascript WebSocket API. More information can be found in this thread: HTTP headers in Websockets client API

但是，承载身份验证类型允许使用名为"access_token"的请求参数: http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html#query-param 此方法与websocket连接兼容.

However, Bearer authentication type allows a request parameter named "access_token": http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html#query-param This method is compatible with websocket connection.

这篇关于是否可以对网络套接字升级请求使用承载身份验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！