6

How can I send authorization header for OAuth2 in SSE in javascript? It seems like native JS EventSource does not support any headers to be sent when listening to SSE. Is there another library maybe that will allow me to do that? Does anyone have any idea how to do it?

Gasim
  • 7,615
  • 14
  • 64
  • 131

1 Answers1

2

The SSE standard does not support sending headers (or POST data). Only GET data and cookies. Your choices boil down to:

  • Do a login step first, get a session cookie, and then that cookie will be sent with your EventSource request.
  • Fall back on using XMLHttpRequest2, i.e. comet/longpoll techniques.
Darren Cook
  • 27,837
  • 13
  • 117
  • 217
  • I just send access token in query parameter. – Gasim Mar 16 '17 at 20:09
  • 1
    @gasim I think there may be some security concerns, even when using SSL, see https://community.apigee.com/questions/28794/best-practices-for-passing-an-access-token-without.html Though, conversely, that same page says Facebook does it, so there can't be that much of a security issue! – Darren Cook Mar 16 '17 at 20:39