-
-
Notifications
You must be signed in to change notification settings - Fork 6.1k
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
APIKeyHeader for Websockets #976
Comments
Yes, you can, it's documented here: https://fastapi.tiangolo.com/advanced/websockets/#using-depends-and-others Also, have in mind that browsers don't have a way to set headers when creating WebSocket connections: https://stackoverflow.com/a/4361358/219530 |
You are right! Out of curiosity, (the project is for mobile apps only) I followed the docs and here is what I have:
Is this the correct way to do websockets with FastAPI? I get this error (same error with APIKeyQuery):
|
@tiangolo can you please help me? I'll close this question and I'm not going to bug you anymore :) |
@Catastropha fastapi/fastapi/security/api_key.py Line 38 in 9c3c9b6
|
same issue here, but solved with a pretty hacky adapter that pulls the header as a header and then passes to the APIs security: async def validate_ws_static_token(
token: str = Header(...),
db=Depends(database_session),
):
return await _user_from_token(
token,
db
)
async def _user_from_token(
token: str = Depends(APIKeyHeader(...)),
db=Depends(database_session)
):
... |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Is your feature request related to a problem
Yes. It would be nice to use Security with APIKeyHeader (maybe APIKeyCookie, APIKeyQuery as well) for websocket connections.
The solution you would like
Consistent with the current http way of doing it
api_key_header = APIKeyHeader(name=API_KEY_NAME)
Describe alternatives you've considered
At the moment we plan to protect websocket endpoints with a simple
api_key: str = Header(None),
and then we do
For this I guess we might need the WebSocketException feature in Starlette
If someone can give me some guiding on how to structure this feature I might give it a try and do a PR
The text was updated successfully, but these errors were encountered: