Enhancement to customize the HTTP error code upon authorization failure

[jayyvis]

socket io version : 0.9.10
source: Manager.prototype.handleHandshake

If there a way to pass the required HTTP error code upon authorization failure, it would be convenient for applications. Currently socket.io sends HTTP 403 by default.

writeErr(403, 'handshake unauthorized');

Actually during the authorization process, my application verifies the authentication details before allowing a client to get connected. And if the authentication fails, it would be appropriate to send a HTTP 401 rather than HTTP 403 so that the client shall retry with correct credentials.

[witoldsz]

+1

I wanted to add login/logout support to our webapp and as far as I can see there is no way to send 401 to the client.

There is a difference:

• 401 (unauthorized) means the client is not authorized, so I should show them login popup,
• 403 (forbidden) means client is authorized, but they are not allowed to see the requested content.

As of now (npm ls shows 0.9.16), all I can send is

• 200 callback(null, true)
• 403 callbackor(null, false)
• 500 callback(exception).

Resolving this issue would be very appreciated :)