I am creating a websocket upgrade request in javascript and need to add a cookie for adding an authentication token, is this possible with cross domain restrictions? My implementation is pretty basic:
document.cookie="token="+authToken+";domain=www.test.com;path=/";
websocket = new WebSocket(endpoint);
It is not recommended as WebSockets are not restrained by the same-origin policy. Using cookies could actually leave users vulnerable to cross-site scripting attacks (xss).
Warning: The server can't send more than one Sec-Websocket-Protocol header. If the server doesn't want to use any subprotocol, it shouldn't send any Sec-WebSocket-Protocol header. Sending a blank header is incorrect.
A server can open WebSocket connections with multiple clients—even multiple connections with the same client.
WebSocket enables bidirectional, message-oriented streaming of text and binary data between client and server.
You should change the way how you set the cookies value. There is no way to add the domain and path values of the cookies, they are added automatically. You should add just the nameOfProperty and valueOfProperty. See the simple example below:
document.cookie = "FirstProperty=FirstPropertyValue";
document.cookie = "SecondProperty=SecondPropertyValue";
const ws = new WebSocket('ws://localhost:2427/health');
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With