Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP


Enhancement to customize the HTTP error code upon authorization failure #1051

jayyvis opened this Issue · 1 comment

2 participants


socket io version : 0.9.10
source: Manager.prototype.handleHandshake

If there a way to pass the required HTTP error code upon authorization failure, it would be convenient for applications. Currently sends HTTP 403 by default.

writeErr(403, 'handshake unauthorized');

Actually during the authorization process, my application verifies the authentication details before allowing a client to get connected. And if the authentication fails, it would be appropriate to send a HTTP 401 rather than HTTP 403 so that the client shall retry with correct credentials.



I wanted to add login/logout support to our webapp and as far as I can see there is no way to send 401 to the client.

There is a difference:

  • 401 (unauthorized) means the client is not authorized, so I should show them login popup,
  • 403 (forbidden) means client is authorized, but they are not allowed to see the requested content.

As of now (npm ls shows 0.9.16), all I can send is

  • 200 callback(null, true)
  • 403 callbackor(null, false)
  • 500 callback(exception).

Resolving this issue would be very appreciated :)

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.