Secure WebSocket connection on authentication with Http cookies

## Feature Description

When using the WebSocket protocol with the SDK, the `login` action will be sent through HTTP with the secured way described below.

Once the cookie is set in the browser, the SDK can start the WebSocket handshake (which is through HTTP so the cookie will be sent) so Kuzzle have to handle the cookie sent during this handshake to authenticate the connection for the duration of the token.
The token is not needed in the subsequent request since Kuzzle already authenticate the websocket connection.

:warning: This is not enough to protect WebSocket against CSRF https://christian-schneider.net/CrossSiteWebSocketHijacking.html 

![image](https://user-images.githubusercontent.com/4447392/101647521-1b453780-3a39-11eb-96c4-72bf51862820.png)

See also: 
 - https://github.com/kuzzleio/kuzzle/issues/1884
 - https://github.com/kuzzleio/sdk-javascript/issues/592


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Secure WebSocket connection on authentication with Http cookies #591

Feature Description

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Secure WebSocket connection on authentication with Http cookies #591

Description

Feature Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions