-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add cookie support to WebSockets #2052
Closed
Closed
Changes from all commits
Commits
Show all changes
4 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tried adding a test for
replace
, but it seems that cookies in the global cookie jar (http.cookieJar()
) are not propagated tows.connect()
. I.e. this script doesn't send the cookie:So my question is: should it? Based on this comment probably not as it would be a breaking change. But should we then have an equivalent
ws.cookieJar()
?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it should and I also think that is the better first change.
Unfortunately the web socket library we use takes only jars and as adding both a cookie and using the jar should probably not add the cookie to the jar you will need to:
Given that ... I am more for not having a way to specify a cookie but to
And then whoever wants to specify a Cookie can just add it to the jar and pass the jar or continue setting the Header ... both of which arguably aren't that much harder especially as I would expect the bigger problem will be that you would've made an HTTP request it would set you the cookie in the jar, but then that won't be used by the websocket. And the someone less likely variant of websocket HTTP call setting a cookie that isn';t set on the default jar
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mstoykov I'm a bit confused by the changes you want 😅 Can you summarize them as commit messages? :)
FWIW
gorilla/websocket
does support setting aCookie
header and not just via a jar. See Dialer.DialContext. There's an issue about the header overriding the jar, but IMO this seems like desired behavior.So the way I see it to handle this "properly" and achieve feature-parity with how it works for
http
we should:Add a per-VU WS-only cookie jar (
ws.cookieJar()
) from which we will copy to theDialer.Jar
for each new connection.Keep this
params
approach to override cookies per connection, maybe without usingDialer.Jar
but simply setting it as a header.Allow passing a standalone jar via
params
(new ws.CookieJar()
) that will be set toDialer.Jar
after merging any cookies set viaparams
and in the global jar. We should document how overriding works to avoid surprises.I would've preferred if all this could work with
http.cookieJar()
, since the only reason we need a WS approach is to avoid breaking existing scripts, but hopefully we can unify this when we refactor WS and after the new HTTP API.WDYT? cc: @na--
EDIT: Needless to say, I doubt this will be tested and ready for v0.33.0 so we might want to postpone it.
Also this expands on the scope of #1226 which merely wanted it passed via
params
. So we could merge a variation of this change and figure out jar handling later.(?)There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As mentioned in this comment from the "fix" this seems like the correct behaviour ;). And I agree with that.
This is IMO the wrong thing to try to do given #1923 which literally spells out how not ... good and confusing the cookie works for HTTP. Also it was provoked by me trying to work on this exact PR/issue.
IMO this should :
Params.jar
which is http.Cookiejar .. .we can probably move it and keep it's old name as well ... although a bit finicky.Params.headers.Cookie
to overwrite any of the above (so no change I think)Params.Cookies
should not be supported, at least for now. (look at how the merging works for HTTP and you will see it as PITA, and likely is ... completely not useful as I will try to explain below.)Reasons:
will remove the whole need for having
Cookie
in theparams
. It might be 2 lines more or something like that, but given how much cleaner it will be and less confusing IMO that should've been what was done instead of the current merging of cookies between params.jar and params.cookies that is happening ...I see no reason why not do it now ... or just not do these changes at all for now ;) .
This has been the case forever and even now users can always just set the
Cookie
header. The main benefit of providing ajar
IMO is that it makes things less confusing when you need to get a cookie from HTTP request and give it to the websocket one (which is still HTTP first) and , secondly, for when a websocket connection set cookies ... which currently needs to be parsed by the user somehow.The only useful thing about
params.Cookie
currently is:jar
given that those two matchjar
cookiesThe problems with those are:
replace:true
part which makes the syntax horrible and I doubt there are many people who even know about this or use it. (it also means that it will change if the jar suddenly gets the same cookie for some reason)2.
at which point it doesn't.The whole problem IMO comes from the fact that understanding how the 3 ways interact and interact with redirects makes the whole thing way too confusing to the point that even the (technically small) improvements that it does in the case
2-4
likely get removed by the fact that anyone who needs to set cookies specifically as the usual cookie jar support doesn't work will also hit one of the many problems listed above in some respect.