-
Notifications
You must be signed in to change notification settings - Fork 264
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature request: Support query string authentication on API WebSocket endpoint #1001
Comments
Not ACK, eclair's API aren't meant to be called directly from a browser (in fact we don't support pre-flight operations) and using the credentials in the websocket url seems to be widely supported, with the exception of firefox. |
Why does it have to be an intention behind the API? Can't it be made as open as possible and users decide what to do with it? Saying it "isn't meant to be called from a browser" includes browser extensions? These are not webpages, but custom installed apps that don't need preflight operations at all. |
The API is for anyone who wants to develop an application using eclair's functionality, typically you'd write a middleware application that act as a proxy for the eclair API (instead of calling them directly from the application). Bearing this in mind we still want to support as many use cases as possible, as far as they don't affect the security. |
Currently the Eclair API expects an
Authorization
header for all its requests, including the WebSocket endpoint at/ws
.While integrating support for Eclair on https://github.com/fiatjaf/kwh/ I found out that, although Chrome/ium will automatically take the credentials from an URL like
ws://user:pass@localhost:1234/ws
and make anAuthorization
header with them, the same is not true for Firefox.There's no way to specify custom headers on the browser WebSocket provider.
To support build of apps that run in the browser and interact with the Eclair API, the WebSocket endpoint could support the password in the querystring, like
ws://localhost:1234/ws?password=foobar
.The text was updated successfully, but these errors were encountered: