Skip to content Skip to sidebar Skip to footer
Home / Cookies / Cross Domain / Javascript / Websocket

Is There An Equivalent For Fetch's "credentials: 'include'" Or Xmlhttprequest's "withcredentials" For Websocket?

Post a Comment
I'm setting up a web service that provides both authentication and a WebSocket interface. The API of the server needs to be accessible cross-domain and still receive the cookie set

Solution 1:

I've figured this out by now. The following assumes that third-party cookies are enabled:

The default behavior, at least in all major browsers I've tested, is that the existing cookie will be sent with the WebSocket request (i.e. exactly as I wanted it). The browser I was using where I encountered the issue is Brave. Brave seems to have a bug that Cookies are not added to WebSocket connections. So it wasn't an issue in the first place, just a bug in the particular browser I was using.

When third-party cookies are blocked though (as they are by default in Safari), I don't think there is a way to achieve what I'd like to achieve.

Post a Comment for "Is There An Equivalent For Fetch's "credentials: 'include'" Or Xmlhttprequest's "withcredentials" For Websocket?"