Adding basic support for sending cookies into xhr handshakes #439

Closed
wants to merge 2 commits into
from

Projects

None yet

6 participants

@jscharlach
Contributor

No description provided.

@ajaymaru

+1

@jkingyens

+1

@rituparnawy

+1

@FredyC
Contributor
FredyC commented Sep 5, 2013

👍
I am wondering why this hasn't been merged yet. It's so simple and elegant solution...

@FredyC
Contributor
FredyC commented Oct 8, 2013

Actually this doesn't solve a thing. See my latest comment in #344.

@chill117

I have been struggling to get unit tests involving socket.io-client to work with authentication. This pull request plus a minor change to the xmlhttprequest module that the socket.io-client module depends on worked for me. Here are the instructions for the additional changes:

Change the following of socket.io-client/node_modules/xmlhttprequest/lib/XMLHttpRequest.js:

  // These headers are not user setable.
  // The following are allowed but banned in the spec:
  // * user-agent
  var forbiddenRequestHeaders = [
    "accept-charset",
    "accept-encoding",
    "access-control-request-headers",
    "access-control-request-method",
    "connection",
    "content-length",
    "content-transfer-encoding",
    "cookie",
    "cookie2",
    "date",
    "expect",
    "host",
    "keep-alive",
    "origin",
    "referer",
    "te",
    "trailer",
    "transfer-encoding",
    "upgrade",
    "via"
  ];

To:

  // These headers are not user setable.
  // The following are allowed but banned in the spec:
  // * user-agent
  var forbiddenRequestHeaders = [
    "accept-charset",
    "accept-encoding",
    "access-control-request-headers",
    "access-control-request-method",
    "connection",
    "content-length",
    "content-transfer-encoding",
    //"cookie",
    "cookie2",
    "date",
    "expect",
    "host",
    "keep-alive",
    "origin",
    "referer",
    "te",
    "trailer",
    "transfer-encoding",
    "upgrade",
    "via"
  ];

And, add the following immediately after the above code:

  // Forbid "Cookie" header in all environments EXCEPT 'test'
  if (process.env.NODE_ENV != 'test')
    forbiddenRequestHeaders.push('cookie')
@chill117 chill117 referenced this pull request in socketio/engine.io-client Jun 2, 2014
Closed

Allow sending of cookie header in XHR handshake. #304

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment