Last active
February 6, 2022 03:53
-
-
Save jfromaniello/4087861 to your computer and use it in GitHub Desktop.
socket-io.client send the cookies!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Little example of how to use ```socket-io.client``` and ```request``` from node.js | |
| * to authenticate thru http, and send the cookies during the socket.io handshake. | |
| */ | |
| var io = require('socket.io-client'); | |
| var request = require('request'); | |
| /* | |
| * This is the jar (like a cookie container) we will use always | |
| */ | |
| var j = request.jar(); | |
| /* | |
| * First I will patch the xmlhttprequest library that socket.io-client uses | |
| * internally to simulate XMLHttpRequest in the browser world. | |
| */ | |
| var originalRequest = require('xmlhttprequest').XMLHttpRequest; | |
| require('xmlhttprequest').XMLHttpRequest = function(){ | |
| originalRequest.apply(this, arguments); | |
| this.setDisableHeaderCheck(true); | |
| var stdOpen = this.open; | |
| /* | |
| * I will patch now open in order to set my cookie from the jar request. | |
| */ | |
| this.open = function() { | |
| stdOpen.apply(this, arguments); | |
| var header = j.get({ url: 'http://localhost:9000' }) | |
| .map(function (c) { | |
| return c.name + "=" + c.value; | |
| }).join("; "); | |
| this.setRequestHeader('cookie', header); | |
| }; | |
| }; | |
| /* | |
| * Authenticate first, doing a post to some url | |
| * with the credentials for instance | |
| */ | |
| request.post({ | |
| jar: j, | |
| url: 'http://localhost:9000/login', | |
| form: {username: 'jose', password: 'Pa123'} | |
| }, function (err, resp, body){ | |
| /* | |
| * now we can connect.. and socket.io will send the cookies! | |
| */ | |
| var socket = io.connect('http://localhost:9000'); | |
| socket.on('connect', function(){ | |
| console.log('connected! handshakedddddddddddd') | |
| done(); | |
| })); | |
| }); |
For those that are still ending up here, using a newer version of SocketIO client may be better for you. This pull requests outlines how you can set cookies using the library directly: rakeshok/socket.io-client-cookie#9
Posting the code from the pull request here as well:
const io = require('socket.io-client');
const cookie = 'connect.sid=xyz';
const socket = io(url, { path, extraHeaders: { cookie } `});
Sending cookies across origins is disabled in browsers (I believe at a lower level than any patching could allow).
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Cookies</title>
<script>
window.addEventListener('load', function(event) {
let exist = document.getElementById("exist");
exist.textContent = document.cookie;
let mycookie = "mysession=abc123";
let elem = document.getElementById("cook");
elem.textContent = mycookie;
document.cookie = mycookie;
// let url = "https://www.google.ca/";
let url = "http://localhost:30080/";
let urlelem = document.getElementById("url");
urlelem.textContent = url;
let respelem = document.getElementById("resp");
let req = new Request(url, { credentials: "same-origin" });
fetch(req).then(function(resp) {
return resp.text();
}).then(function(text) {
respelem.textContent = text;
});
});
</script>
</head>
<body>
<p>
Existing document cookies <code id="exist"></code>.
<p>
Sending a cookie <code id="cook"></code> to URL <code id="url"></code>.
<p>
Response text: <code id="resp"></code>.
</body>
</html>Existing document cookies .
Sending a cookie mysession=abc123 to URL http://localhost:30080/.
Response text: <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> [...] </body> </html> .
The browser's console shows the cookie being sent (when using the same origin as a destination).
GET / HTTP/1.1
Host: localhost:30080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: */*
Accept-Language: en-CA,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost:30080/f.html
DNT: 1
Connection: keep-alive
Cookie: mysession=abc123
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This solution does not work when you have multiple socket.io clients in the same node instance. If the clients auth as different users, overriding the cookie in the common
xmlhttprequestmakes all the clients appear to be the same