@jfromaniello
Last active February 6, 2022 03:53
socket-io.client send the cookies!
/*
 * Little example of how to use ```socket-io.client``` and ```request``` from node.js
 * to authenticate through HTTP, and send the cookies during the socket.io handshake.
 */
var io = require('socket.io-client');
var request = require('request');

/*
 * This is the jar (like a cookie container) we will use always
 */
var j = request.jar();

/*
 * First I will patch the xmlhttprequest library that socket.io-client uses
 * internally to simulate XMLHttpRequest in the browser world.
 */
var originalRequest = require('xmlhttprequest').XMLHttpRequest;

require('xmlhttprequest').XMLHttpRequest = function(){
  originalRequest.apply(this, arguments);
  // "cookie" is a forbidden XMLHttpRequest header; disable the check so it can be set.
  this.setDisableHeaderCheck(true);
  var stdOpen = this.open;

  /*
   * I will patch now open in order to set my cookie from the jar request.
   */
  this.open = function() {
    stdOpen.apply(this, arguments);
    var header = j.get({ url: 'http://localhost:9000' })
      .map(function (c) {
        return c.name + "=" + c.value;
      }).join("; ");
    this.setRequestHeader('cookie', header);
  };
};

/*
 * Authenticate first, doing a post to some url
 * with the credentials for instance
 */
request.post({
  jar: j,
  url: 'http://localhost:9000/login',
  form: {username: 'jose', password: 'Pa123'}
}, function (err, resp, body){
  // Stop here if the login request itself failed.
  if (err) throw err;

  /*
   * now we can connect.. and socket.io will send the cookies!
   */
  var socket = io.connect('http://localhost:9000');
  socket.on('connect', function(){
    console.log('connected! handshakedddddddddddd');
  });
});
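
The patched `open` above builds the Cookie header from the jar's `http://localhost:9000` entries regardless of which URL is being opened. As an added example (not part of the gist), the function below selects cookies per request URL using the RFC 6265 domain, path and Secure matching rules; the cookie object shape and the sample jar values are constructed for illustration.

```javascript
// Added example: decide which jar cookies may be attached to a given request
// URL, following the RFC 6265 domain, path and Secure matching rules.
// The cookie shape ({name, value, domain, path, secure, hostOnly}) is an
// assumption for this sketch, not the `request` jar's internal type.

function domainMatches(host, cookie) {
  const domain = cookie.domain.toLowerCase().replace(/^\./, '');
  if (host === domain) return true;
  if (cookie.hostOnly) return false;          // cookie was set without a Domain attribute
  // Suffix match only on a label boundary, and never for IP-literal hosts.
  const isIp = /^[\d.]+$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // "/admin" must match "/admin/users" but not "/administrator".
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

function cookieHeaderFor(cookies, requestUrl) {
  const url = new URL(requestUrl);
  const host = url.hostname.toLowerCase();
  const encrypted = url.protocol === 'https:' || url.protocol === 'wss:';
  return cookies
    .filter(c => domainMatches(host, c))
    .filter(c => pathMatches(url.pathname || '/', c.path || '/'))
    .filter(c => !c.secure || encrypted)      // Secure cookies never go over plaintext
    .map(c => c.name + '=' + c.value)
    .join('; ');
}

// Constructed sample jar contents.
const sampleJar = [
  { name: 'connect.sid', value: 's3ss10n', domain: 'localhost', path: '/', hostOnly: true },
  { name: 'admin', value: '1', domain: 'localhost', path: '/admin', hostOnly: true },
  { name: 'pref', value: 'dark', domain: 'example.test', path: '/', secure: true },
];

console.log(cookieHeaderFor(sampleJar, 'http://localhost:9000/socket.io/1/'));
```

Note that the match ignores the port, so a cookie stored for `localhost` is eligible for any port on that host.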

ilatypov commented Dec 1, 2020

Sending cookies across origins is disabled in browsers (I believe at a lower level than any patching could allow).

<!doctype html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>Cookies</title>
    <script>
        window.addEventListener('load', function(event) {
            let exist = document.getElementById("exist");
            exist.textContent = document.cookie;

            let mycookie = "mysession=abc123";
            let elem = document.getElementById("cook");
            elem.textContent = mycookie;

            document.cookie = mycookie;

            // let url = "https://www.google.ca/";
            let url = "http://localhost:30080/";
            let urlelem = document.getElementById("url");
            urlelem.textContent = url;

            let respelem = document.getElementById("resp");

            let req = new Request(url, { credentials: "same-origin" });
            fetch(req).then(function(resp) {
                return resp.text();
            }).then(function(text) {
                respelem.textContent = text;
            });
        });
    </script>
</head>
<body>
    <p>
    Existing document cookies <code id="exist"></code>.
    <p>
    Sending a cookie <code id="cook"></code> to URL <code id="url"></code>.
    <p>
    Response text: <code id="resp"></code>.
</body>
</html>
Existing document cookies .

Sending a cookie mysession=abc123 to URL http://localhost:30080/.

Response text: <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> [...] </body> </html> . 

The browser's console shows the cookie being sent (when using the same origin as a destination).

GET / HTTP/1.1
Host: localhost:30080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: */*
Accept-Language: en-CA,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost:30080/f.html
DNT: 1
Connection: keep-alive
Cookie: mysession=abc123
