Websocket and EventSource cannot carry custom header on browser. well then how can i have it carry my token to be authed?

the only other way i can think of is to carry it via url, which is not secure

U dun have to carry ur token on every request, u authenticate it when u establish the socket
https://ably.com/blog/websocket-authentication

but if someone figure out the endpoint for socket they can try to connect to the socket directly?

edit: oh ok i realise what u meant u cant add custom header during the handshake as well right?


This post has been edited by 15cm: Mar 14 2025, 05:47 PM

The link got the example of submitting token during handshake too

hmm i thought its not possible lol

let me try this later

Please read the pros and cons too, the post discussed pros and cons of all methods