Reputation: 59994
When I create a new EventSource
in JavaScript to listen for server-sent events, like this:
var source = new EventSource("data/pushed");
Is there any way for me to specify additional headers (like some authentication token) in the outgoing HTTP request?
Upvotes: 8
Views: 11641
Reputation: 1
If you have flexibility to use other packages, can use ngx-sse-client which can be used to add headers. There are some other libs like eventsource which provides the same functionality
Upvotes: 0
Reputation: 563
We had similar issue, and we decided in the end to send our authorization token through URL and not to worry about security since it will be protected by SSL (in production, of course, we use HTTPS protocol).
Upvotes: 2
Reputation: 28928
No, the EventSource standard does not include setRequestHeader
the way XMLHttpRequest
does.
It also does not support POST. But you do have cookies. So, my preferred approach for authentication tokens, where practical, is to have the user first login and create a session, and then that session cookie will be passed along with your SSE requests. (Aside: if using PHP, and using sessions with SSE, remember they are locked, so your SSE process should call session_write_close()
as soon as it has validated the user. Sessions in other languages might have a similar issue.)
The only other alternative I can suggest is to use XMLHttpRequest
(i.e. the Comet approach).
Upvotes: 8