Support duplex communication #11

merged 7 commits into from Oct 21, 2018


2 participants

dunglas commented Oct 18, 2018

This PR adds proper duplex support to Mercure. This change will make it easy to dispatch updates from clients (dispatching updates from servers is still supported, of course).

It gives more flexibility to clients, and will help in some cases where relatively low latency is necessary (such as video games).

The main changes are:

  • Two authorization mechanisms are now available, both to publish and to subscribe: using an Authorization header (for servers), or using a cookie (for web browsers)
  • The same JWT may be used to subscribe and to publish
  • The format of Mercure's JWT claim now looks like:
    {
        "mercure": {
            "publish": ["an empty array for public updates only, or a list of targets, or * for all targets"],
            "subscribe": ["a list of targets, or * for all targets (not required for public messages)"]
        },
        "other JWT claims": "..."
    }
  • The same URL must be used to subscribe (GET) and to publish (POST) (it was not mandatory before)
  • Consequently, CSRF mitigation must be added to the hub; a new "Security Considerations" section has been added

I'll update the reference implementation in the same PR.

This change is the result of a discussion with @K-mos.
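The hub-side checks implied by the description above, as an added example that is not code from this PR or from the Mercure reference implementation. The function names, the cookie-name parameter, the Origin allow-list used as the CSRF mitigation, and the rule that a missing "publish" key denies publishing are assumptions; verifying the JWT signature and decoding it into `Claim` is assumed to happen between the two calls.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

type Claim struct {
	Publish *[]string `json:"publish"` // pointer: tells an absent key from []
}

// TokenFromRequest returns the raw, still unverified JWT. Browsers attach cookies to cross-site
// requests too, so (assumed mitigation) a cookie-authenticated POST needs an allowed Origin.
func TokenFromRequest(r *http.Request, cookie string, origins map[string]bool) (string, error) {
	if h := r.Header.Get("Authorization"); strings.HasPrefix(h, "Bearer ") {
		return strings.TrimPrefix(h, "Bearer "), nil
	}
	c, err := r.Cookie(cookie)
	if err != nil {
		return "", errors.New("no credentials")
	}
	if r.Method == http.MethodPost && !origins[r.Header.Get("Origin")] {
		return "", errors.New("cookie-authenticated publish from disallowed origin")
	}
	return c.Value, nil
}

// CanPublish: absent key = no publish right (assumption), [] = public updates only,
// "*" = every target, otherwise every target of the update must be listed.
func CanPublish(c Claim, targets []string) bool {
	if c.Publish == nil {
		return false
	}
next:
	for _, t := range targets {
		for _, p := range *c.Publish {
			if p == "*" || p == t {
				continue next
			}
		}
		return false
	}
	return true
}

func main() {
	fmt.Println(CanPublish(Claim{Publish: &[]string{}}, []string{"user-1"})) // false
}
```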




sroze commented Oct 18, 2018

dunglas added some commits Oct 19, 2018

@dunglas dunglas merged commit 9d81bb0 into master Oct 21, 2018

1 check passed

coverage/coveralls Coverage increased (+1.2%) to 93.535%

@dunglas dunglas deleted the duplex branch Oct 21, 2018

@dunglas dunglas referenced this pull request Oct 21, 2018


Allow Hub to scale #10
