Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

EventSource and basic http authentication

Does anyone know if it is possible to send basic http authentication credentials with EventSource?

like image 282
Miloš Rašić Avatar asked Jul 08 '11 10:07

Miloš Rašić


People also ask

What is the use of HTTP basic authentication?

HTTP basic authentication is a simple challenge and response mechanism with which a server can request authentication information (a user ID and password) from a client. The client passes the authentication information to the server in an Authorization header. The authentication information is in base-64 encoding.

How can I pass the basic HTTP authentication or token authentication?

Basic HTTP authentication You need to generate a Base64-encoded credential with the Customer ID and Customer Secret provided by Agora and pass the credential to the Authorization parameter in the request header.

What is HTTP authentication?

Authentication is the process of identifying whether a client is eligible to access a resource. The HTTP protocol supports authentication as a means of negotiating access to a secure resource. The initial request from a client is typically an anonymous request, not containing any authentication information.

What is EventSource in Javascript?

The EventSource interface is web content's interface to server-sent events. An EventSource instance opens a persistent connection to an HTTP server, which sends events in text/event-stream format. The connection remains open until closed by calling EventSource.


2 Answers

I'm looking for a solution to the same problem. This post here says this:

Another caveat is that as far as we know, you cannot change the HTTP headers when using EventSource, which means you have to submit an authorization query string param with the value that you would have inserted using HTTP Basic Auth: a base64 encoded concatenation of your login and a token.

Here is the code from the post:

// First, we create the event source object, using the right URL.
var url = "https://stream.superfeedr.com/?";
url += "&hub.mode=retrieve";
url += "&hub.topic=http%3A%2F%2Fpush-pub.appspot.com%2Ffeed";
url += "&authorization=anVsaWVuOjJkNTVjNDhjMDY5MmIzZWFkMjA4NDFiMGViZDVlYzM5";

var source = new EventSource(url);

// When the socket has been open, let's cleanup the UI.
source.onopen = function () {
  var node = document.getElementById('sse-feed');
  while (node.hasChildNodes()) {
    node.removeChild(node.lastChild);
  }
};

// Superfeedr will trigger 'notification' events, which corresponds
// exactly to the data sent to your subscription endpoint 
// (webhook or XMPP JID), with a JSON payload by default.
source.addEventListener("notification", function(e) {
  var notification = JSON.parse(e.data);
  notification.items.sort(function(x, y) {
    return x.published - y.published;
  });
  notification.items.forEach(function(i) {
    var node = document.getElementById('sse-feed');
    var item = document.createElement("li");
    var t = document.createTextNode([new Date(i.published * 1000), i.title, i.content].join(' '));
    item.appendChild(t);
    node.insertBefore(item, node.firstChild);
    // We add the element to the UI.
  });
});
like image 58
Karthic Raghupathi Avatar answered Sep 27 '22 15:09

Karthic Raghupathi


If your talk about cookies (not http auth):

EventSource uses http, so cookies are sent with the EventSource connection request.

Http auth should be supported as any other http url, although from the spec CORS+http auth is not supported.

like image 34
4esn0k Avatar answered Sep 27 '22 16:09

4esn0k