WebSocket connection with JavaScript

Jacob Burrell 2 years ago

Why aren't @Mr.wolf's changes merged? I would love the ability for WebSocket to be accessed from external hosts.

Anton Tananaev 2 years ago

Mostly because there's no pull request, but also I think passing a key as a query parameter is not ideal.

Jacob Burrell 2 years ago

It isn't

Is there a better solution available or on the roadmap?

Anton Tananaev 2 years ago

No.

Mr.wolf 2 years ago

@Anton, from our email discussion I thought you didn't want to add this feature, but I will make a pull request for my changes. I think access with an access token or session ID is not a security issue.

Jacob Burrell 2 years ago

Perhaps you can merge it with a warning/disclaimer and ensure it's a manual opt-in option?

That way I don't have to run an entirely different fork if I'm OK with the security implications.

One size fits all probably isn't the best here.

Mr.wolf 2 years ago

@Anton, this is the PR for my changes

Anton Tananaev 2 years ago

Closed the PR because it doesn't seem to be ready. It has a bunch of unrelated changes.

Anton Tananaev 2 years ago

I have done some investigation and it seems like the best option is to pass the token in the "protocols" array. I'm going to try implementing it.

Mr.wolf 2 years ago

The necessary files to modify to implement external access according to my approach are:

  • src/main/java/org/traccar/api/AsyncSocketServlet.java
  • src/main/java/org/traccar/api/resource/SessionResource.java
  • src/main/java/org/traccar/web/WebServer.java
  • src/main/java/org/traccar/web/HttpSessionCollector.java

You can check it in my repo or in the closed PR.

Anton Tananaev 2 years ago

Added support for tokens using query parameter. Using protocols turned out to be too hacky.

https://github.com/traccar/traccar/commit/49483e0420ca8c7ff1afb31dacc7a427f93c7a3a
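The two transports weighed in this thread (token as a query parameter, token in the "protocols" array), sketched as an added example that is not Traccar's code or any poster's. The `token` parameter name, the `auth.` prefix, the function names and the sample values are assumptions made for illustration.

```javascript
// Added example, not Traccar code. TOKEN_PARAM and PROTO_PREFIX are assumed names.
const TOKEN_PARAM = 'token';
const PROTO_PREFIX = 'auth.';

// Option 1: token in the query string. Refuse cleartext ws:// so the token
// is never sent unencrypted.
function urlWithQueryToken(socketUrl, token) {
  const url = new URL(socketUrl);
  if (url.protocol !== 'wss:') throw new Error('token requires wss://');
  url.searchParams.set(TOKEN_PARAM, token);
  return url.toString();
}

// The query string is part of the request line, so it reaches access logs.
// Scrub the value before a log line is stored or forwarded.
function redactToken(logLine) {
  const pattern = new RegExp(`([?&]${TOKEN_PARAM}=)[^&\\s"]+`, 'g');
  return logLine.replace(pattern, '$1REDACTED');
}

// Option 2: token in the "protocols" array (Sec-WebSocket-Protocol header).
// Subprotocol names must be HTTP tokens, so "/", "=" and similar characters
// are not allowed; the value is base64url-encoded without padding first.
function protocolsWithToken(token) {
  const b64url = btoa(token)
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [PROTO_PREFIX + b64url];
}

// Server side of option 2: recover the token from the header value.
function tokenFromProtocolHeader(headerValue) {
  for (const name of headerValue.split(',').map((s) => s.trim())) {
    if (!name.startsWith(PROTO_PREFIX)) continue;
    const b64 = name.slice(PROTO_PREFIX.length)
      .replace(/-/g, '+').replace(/_/g, '/');
    // Restore the padding stripped by protocolsWithToken before decoding.
    return atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4));
  }
  return null;
}
```

In a browser, option 1 is `new WebSocket(urlWithQueryToken(url, token))` and option 2 is `new WebSocket(url, protocolsWithToken(token))`.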

Mr.wolf 2 years ago

If the access token is not secure as a URL parameter, in my solution I implied some way of authentication with session ID.