Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug:Sends access token via Sec-Websocket-Protocol #2237

Open
1 task done
waldiTM opened this issue Dec 17, 2024 · 1 comment
Open
1 task done

Bug:Sends access token via Sec-Websocket-Protocol #2237

waldiTM opened this issue Dec 17, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@waldiTM
Copy link

waldiTM commented Dec 17, 2024
edited
Loading

Environment:

  • OS: iPadOS 18.1.1
  • IceCubesApp version: 1.11.2

Description

Ice Cubes sends the access token for the streaming API via the Sec-Websocket-Protocol header. The Mastodon documentation of the streaming API does not document this way of use. And this header is not considered sensitive, so often logged.

The documented way to do auth against the streaming API is to use the access_token query parameter.

The standard Authorization header is implemented as well for the streaming API, but not documented.

Related Issues

  • Search that this bugs don't already exist before creating it.
@waldiTM waldiTM added the bug Something isn't working label Dec 17, 2024
@waldiTM
Copy link
Author

waldiTM commented Dec 17, 2024

I don't know Swift, but the relevant code seems to be Client.makeWebSocketTask. It clearly shows the setup of the protocols parameter.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@waldiTM