Channels: Headers from client

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Channels: Headers from client

Heigler
Is there a way to send auth headers from client to the server and read them?

I've a mobile app (Ionic + StencilJS), so its necessary to login the user with  the Token, but I can't figure out how to pass it through a header, only in querystring but that is not safe.

I'm using the following custom AuthMiddleware for querystring, the Token model is the one of DRF:
class TokenAuthMiddleware:
"""
Custom middleware (insecure) that takes user Tokens from the query string.
"""

def __init__(self, inner):
# Store the ASGI application we were passed
self.inner = inner

def __call__(self, scope):
query_string = scope['query_string'].decode()
token = get_query_field(query_string, 'token')

if token:
close_old_connections()
try:
token = Token.objects.get(key=token)
scope['user'] = token.user
except Token.DoesNotExist:
scope['user'] = AnonymousUser()
return self.inner(scope)

TokenAuthMiddlewareStack = lambda inner: TokenAuthMiddleware(AuthMiddlewareStack(inner))

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/065158aa-c5c3-4b39-bf45-f915039405d4%40googlegroups.com.