How to authenticate subscriber? #17
Comments
Hello, Indeed, you have two solutions for subscriber authorization:
Thanks! I myself prefer the second solution, because having both hub and application server on one domain might induce other issues or might not be easy to set up. I tried the polyfill, but still no success. For some reason it repeatedly creates an OPTIONS request before opening the stream, which is something the native EventSource does not do, and the server does not send correct CORS headers in response to those OPTIONS requests, therefore the stream never opens. (Also, the server responds with 403 to the OPTIONS requests, which is odd, because GET requests work with no problems.) Isn't there a bug in the server regarding this behaviour? Or is this intended? Have you considered adding a URL-based authentication mechanism? Thanks a lot, I like the work!
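Why the polyfill's `Authorization` header produces the OPTIONS requests described in the comment above, and what the preflight response has to carry before a browser sends the GET: an added example, not part of the original thread and not Mercure code. It is a simplified model of the browser's CORS rules; the origin, the token placeholder and all function names are constructed for illustration.

```javascript
// Added example, not Mercure code. Simplified model of a browser's CORS preflight
// handling for GET requests (Content-Type and Range rules are left out).
const SAFELISTED = new Set(["accept", "accept-language", "content-language"]);

// Request header names that are not CORS-safelisted and therefore force a preflight.
function unsafeHeaders(headers) {
  return Object.keys(headers).map((n) => n.toLowerCase()).filter((n) => !SAFELISTED.has(n));
}

function needsPreflight(req) {
  return unsafeHeaders(req.headers).length > 0;
}

// Reasons the browser would reject the OPTIONS response; [] means the GET is sent.
function preflightFailures(req, res) {
  const h = Object.fromEntries(
    Object.entries(res.headers).map(([k, v]) => [k.toLowerCase(), v]));
  const reasons = [];
  if (res.status < 200 || res.status > 299) reasons.push(`status ${res.status} is not 2xx`);
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin !== req.origin && !(allowOrigin === "*" && !req.withCredentials)) {
    reasons.push("Access-Control-Allow-Origin does not match the page origin");
  }
  if (req.withCredentials && h["access-control-allow-credentials"] !== "true") {
    reasons.push("Access-Control-Allow-Credentials is not true");
  }
  const allowed = (h["access-control-allow-headers"] || "")
    .split(",").map((s) => s.trim().toLowerCase());
  for (const name of unsafeHeaders(req.headers)) {
    // "*" never covers Authorization and is ignored for credentialed requests.
    const wildcard = allowed.includes("*") && !req.withCredentials && name !== "authorization";
    if (!allowed.includes(name) && !wildcard) reasons.push(`request header ${name} is not allowed`);
  }
  return reasons;
}

// Constructed sample data (hypothetical origin and token placeholder).
const pageOrigin = "https://app.example";
const nativeEventSource = { origin: pageOrigin, withCredentials: false,
  headers: { Accept: "text/event-stream" } };
const polyfill = { origin: pageOrigin, withCredentials: false,
  headers: { Accept: "text/event-stream", Authorization: "Bearer <JWT>" } };
const rejected = { status: 403, headers: {} }; // the response the comment above describes
const accepted = { status: 204, headers: {
  "Access-Control-Allow-Origin": pageOrigin, "Access-Control-Allow-Headers": "Authorization" } };

console.log(needsPreflight(nativeEventSource), needsPreflight(polyfill));
console.log(preflightFailures(polyfill, rejected), preflightFailures(polyfill, accepted));
```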
Hi,
could you please clarify how subscribers can authenticate themselves against the hub in case the hub runs on a different domain?
I have a frontend app on one domain with a REST API on another domain and a Mercure hub on a third domain. At https://demo.mercure.rocks/ you have two options - mercureAuthorization using a cookie, or an HTTP header. In my case I cannot send an HTTP header to authenticate with EventSource (even your demo alerts that it is not possible). But how could I make the hub set the mercureAuthorization cookie for me? The discover endpoint may be on the API, but it is on a different domain.
Maybe I am doing something wrong, thanks for any help!