Fix websocket auth #68

Closed
p53 opened this issue Mar 20, 2021 · 3 comments
Labels
complex complex change medium medium priority

Comments


p53 commented Mar 20, 2021

Look at
louketo#682
louketo#651
louketo#667

@p53 p53 added the complex complex change label Mar 20, 2021
@p53 p53 added the medium medium priority label Mar 20, 2021
@p53 p53 added this to the 1.3.2 milestone Mar 20, 2021
@p53 p53 modified the milestones: 1.3.2, 1.3.3 Apr 7, 2021
@p53 p53 removed this from the 1.3.3 milestone Jun 18, 2021
@p53 p53 added this to the 2.2.1 milestone Mar 3, 2023
@p53 p53 removed this from the 2.2.1 milestone Mar 15, 2023
@p53 p53 closed this as completed Oct 16, 2023

escoand commented Oct 16, 2023

May I ask for a bit more context on how this is fixed or could be worked around? There is nothing obvious in the recent releases, at least for me.


p53 commented Oct 16, 2023

@escoand
Hi,

louketo#651, it might be solved using cookies
louketo#667, compression used for standard HTTP and for websockets are different things, as after the upgrade gatekeeper is not involved in manipulation of the websocket stream. For enabling compression with websocket I would look at the Sec-Websocket-Extensions: permessage-deflate header, which would be sent by the client at the start of the connection, although I am not sure how well this is supported by browsers, as there seems to be quite sparse information about it
louketo#682 - that might be solvable with cookies/HTTP CONNECT but I would need to try and verify

@p53 p53 reopened this Nov 5, 2023

p53 commented Nov 5, 2023

@vishalgoel1988 could you elaborate more on the 651 issue and describe exactly your use case? Having the token in a query param is less safe because it will be stored in browser history and is usually logged by default by HTTP servers; it is also not recommended by the RFC
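
The concern in the last comment (a token in the query string ends up in browser history and server logs) and the cookie alternative mentioned earlier, shown as an added Go example that is not gatekeeper's code: the handshake check accepts the token only from a cookie, and the log helper masks a token parameter if a client sends one anyway. The cookie name `access_cookie` and parameter name `access_token` are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Both names are assumptions made for this example, not gatekeeper settings.
const tokenCookie, tokenParam = "access_cookie", "access_token"

// HandshakeToken returns the token of a WebSocket upgrade request, cookie only.
func HandshakeToken(r *http.Request) (string, error) {
	if !strings.EqualFold(r.Header.Get("Upgrade"), "websocket") {
		return "", errors.New("not a websocket upgrade")
	}
	// A token in the URL would reach history and access logs, so refuse it.
	if _, ok := r.URL.Query()[tokenParam]; ok {
		return "", errors.New("token in query string refused")
	}
	c, err := r.Cookie(tokenCookie)
	if err != nil || c.Value == "" {
		return "", errors.New("no token cookie")
	}
	return c.Value, nil
}

// RedactURI returns the request URI as it should appear in an access log,
// with the token parameter masked (query keys come back sorted).
func RedactURI(u *url.URL) string {
	q := u.Query()
	if _, ok := q[tokenParam]; !ok {
		return u.RequestURI()
	}
	q.Set(tokenParam, "REDACTED")
	c := *u // copy so the caller's URL is not modified
	c.RawQuery = q.Encode()
	return c.RequestURI()
}

func main() {
	// Constructed request: the token travels in a cookie, not in the URL.
	r, _ := http.NewRequest("GET", "/ws?room=1", nil)
	r.Header.Set("Upgrade", "websocket")
	r.AddCookie(&http.Cookie{Name: tokenCookie, Value: "constructed-token"})
	tok, err := HandshakeToken(r)
	fmt.Println(tok, err, RedactURI(r.URL))
}
```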
