Yeah I added websockets to a project a week ago. Headers is no go. Ended up putting it in the url. The good thing is that if you put a token in let's say the query string and it doesn't match, you can instantly cut them off. If it matches, no need to check anything more for the duration of the connection. 👍
Cool. Thx. When I was digging into this topic, I was very surprised that there is still no authentication standard for websockets.
Yeah I added websockets to a project a week ago. Headers is no go. Ended up putting it in the url. The good thing is that if you put a token in let's say the query string and it doesn't match, you can instantly cut them off. If it matches, no need to check anything more for the duration of the connection. 👍
Go man! Thanks