Adding basic support for sending cookies into xhr handshakes #439

Closed
jscharlach wants to merge 2 commits into socketio:master from jscharlach:master
@jscharlach
Contributor

No description provided.

@ajaymaru

+1

@jkingyens

+1

@rituparnawy

+1

@danielkcz
Contributor

👍
I am wondering why this hasn't been merged yet. It's such a simple and elegant solution...

@danielkcz
Contributor

Actually this doesn't solve a thing. See my latest comment in #344.

@chill117

I have been struggling to get unit tests involving socket.io-client to work with authentication. This pull request plus a minor change to the xmlhttprequest module that the socket.io-client module depends on worked for me. Here are the instructions for the additional changes:

Change the following in socket.io-client/node_modules/xmlhttprequest/lib/XMLHttpRequest.js:

  // These headers are not user setable.
  // The following are allowed but banned in the spec:
  // * user-agent
  var forbiddenRequestHeaders = [
    "accept-charset",
    "accept-encoding",
    "access-control-request-headers",
    "access-control-request-method",
    "connection",
    "content-length",
    "content-transfer-encoding",
    "cookie",
    "cookie2",
    "date",
    "expect",
    "host",
    "keep-alive",
    "origin",
    "referer",
    "te",
    "trailer",
    "transfer-encoding",
    "upgrade",
    "via"
  ];

To:

  // These headers are not user setable.
  // The following are allowed but banned in the spec:
  // * user-agent
  var forbiddenRequestHeaders = [
    "accept-charset",
    "accept-encoding",
    "access-control-request-headers",
    "access-control-request-method",
    "connection",
    "content-length",
    "content-transfer-encoding",
    //"cookie",
    "cookie2",
    "date",
    "expect",
    "host",
    "keep-alive",
    "origin",
    "referer",
    "te",
    "trailer",
    "transfer-encoding",
    "upgrade",
    "via"
  ];

And, add the following immediately after the above code:

  // Forbid "Cookie" header in all environments EXCEPT 'test'
  if (process.env.NODE_ENV != 'test')
    forbiddenRequestHeaders.push('cookie')

This pull request was closed.
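
Added example, not part of the comments above or of the xmlhttprequest module: a stand-alone model of the header gate described in the last comment, checking that the `Cookie` header stays forbidden for every `NODE_ENV` value except the exact string `test`, including when the variable is unset. The function names `buildForbiddenHeaders`, `isAllowedHeader` and `envsAllowingCookie` and the sample environment values are assumptions constructed for this illustration.

```javascript
// Added example: models the NODE_ENV-gated forbidden-header list.
// All function names here are hypothetical, not the module's API.

// The list from the comment with "cookie" taken out of the static part.
const BASE_FORBIDDEN = [
  "accept-charset", "accept-encoding", "access-control-request-headers",
  "access-control-request-method", "connection", "content-length",
  "content-transfer-encoding", "cookie2", "date", "expect", "host",
  "keep-alive", "origin", "referer", "te", "trailer",
  "transfer-encoding", "upgrade", "via"
];

// Same rule as the change: forbid "cookie" unless NODE_ENV is exactly 'test'.
// An unset variable (undefined) therefore keeps the header forbidden.
function buildForbiddenHeaders(nodeEnv) {
  const list = BASE_FORBIDDEN.slice();
  if (nodeEnv !== "test") {
    list.push("cookie");
  }
  return list;
}

// Header names are case-insensitive, so compare in lower case.
function isAllowedHeader(name, nodeEnv) {
  if (typeof name !== "string" || name === "") {
    return false;
  }
  return buildForbiddenHeaders(nodeEnv).indexOf(name.toLowerCase()) === -1;
}

// Returns the environments in which a caller could set the Cookie header.
function envsAllowingCookie(envs) {
  return envs.filter((env) => isAllowedHeader("Cookie", env));
}

// Constructed sample values: unset, empty, production, and near-misses of 'test'.
const SAMPLE_ENVS = [undefined, "", "production", "Test", "test ", "test"];
console.log("Cookie header settable when NODE_ENV is:", envsAllowingCookie(SAMPLE_ENVS));
```

A check like this can run in CI against the deployed configuration so that a patched copy of the module never accepts a caller-supplied `Cookie` header outside the test environment.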