Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Enhancement to customize the HTTP error code upon authorization failure #1051

Closed
jayyvis opened this Issue · 1 comment

2 participants

@jayyvis

socket io version : 0.9.10
source: Manager.prototype.handleHandshake

If there a way to pass the required HTTP error code upon authorization failure, it would be convenient for applications. Currently socket.io sends HTTP 403 by default.

writeErr(403, 'handshake unauthorized');

Actually during the authorization process, my application verifies the authentication details before allowing a client to get connected. And if the authentication fails, it would be appropriate to send a HTTP 401 rather than HTTP 403 so that the client shall retry with correct credentials.

@witoldsz

+1

I wanted to add login/logout support to our webapp and as far as I can see there is no way to send 401 to the client.

There is a difference:

  • 401 (unauthorized) means the client is not authorized, so I should show them login popup,
  • 403 (forbidden) means client is authorized, but they are not allowed to see the requested content.

As of now (npm ls shows 0.9.16), all I can send is

  • 200 callback(null, true)
  • 403 callbackor(null, false)
  • 500 callback(exception).

Resolving this issue would be very appreciated :)

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.