Specification
It should also be possible for TLS Verification to be done via the HTTP 1.1 Basic Authentication (via the Authentication header).
To achieve this, the VerifyCallback should be expanded to also expose the headers of the incoming request:
type TLSVerifyCallback = (
certs: Array<Uint8Array>,
ca: Array<Uint8Array>,
headers: IncomingHttpHeaders
) => PromiseLike<void>;
As the callers of the TLSVerifyCallbacks always have context of the IncomingMessage http request, we can pass the IncomingMessage.headers into the verifyCallback as the third param.
There will also need to be some API in the WebSocketConfig to be able to set headers for outgoing messages.
ws provides different APIs for setting headers for clients and servers:
- servers use the
headers event on WebSocketServer to modify the headers before they are sent
- clients use the
finishRequest callback to customize headers on the OutgoingMessage before it is sent
Additional context
Tasks
- Expand
TLSVerifyCallback to support passing of headers
- Allow user to provide headers in
WebSocketConfig
- Pass provided headers to
ws library
Specification
It should also be possible for TLS Verification to be done via the HTTP 1.1 Basic Authentication (via the
Authenticationheader).To achieve this, the VerifyCallback should be expanded to also expose the headers of the incoming request:
As the callers of the
TLSVerifyCallbacks always have context of theIncomingMessagehttp request, we can pass theIncomingMessage.headersinto the verifyCallback as the third param.There will also need to be some API in the
WebSocketConfigto be able to set headers for outgoing messages.wsprovides different APIs for setting headers for clients and servers:headersevent onWebSocketServerto modify the headers before they are sentfinishRequestcallback to customize headers on theOutgoingMessagebefore it is sentAdditional context
Tasks
TLSVerifyCallbackto support passing of headersWebSocketConfigwslibrary