Channels: Headers from client

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Channels: Headers from client

Is there a way to send auth headers from client to the server and read them?

I've a mobile app (Ionic + StencilJS), so its necessary to login the user with  the Token, but I can't figure out how to pass it through a header, only in querystring but that is not safe.

I'm using the following custom AuthMiddleware for querystring, the Token model is the one of DRF:
class TokenAuthMiddleware:
Custom middleware (insecure) that takes user Tokens from the query string.

def __init__(self, inner):
# Store the ASGI application we were passed
self.inner = inner

def __call__(self, scope):
query_string = scope['query_string'].decode()
token = get_query_field(query_string, 'token')

if token:
token = Token.objects.get(key=token)
scope['user'] = token.user
except Token.DoesNotExist:
scope['user'] = AnonymousUser()
return self.inner(scope)

TokenAuthMiddlewareStack = lambda inner: TokenAuthMiddleware(AuthMiddlewareStack(inner))

You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit