Websocket authentication

I am trying to connect to a websocket via the browser (JavaScript) in order to consume a log and I am having no success. The error message is "HTTP Authentication failed; no valid credentials available".

I already generated a token and when I test it via Postman I can connect using Authorization Bearer <token>.

I tried inserting the token in the URL:

As a query parameter:

Inside the connection:
new WebSocket('wss://rancher.tks.sh…', ['access_token', 'token=token-xxxxx:xxxxxxxxxxxxxxxxxxx']);

And none of these approaches has succeeded.

Just to mention, if I am logged in to Rancher in another tab, I can consume the log, but probably because the browser sends the cookies with the authorization.

Can anyone help?

Browsers don’t send basic auth to the server (wss://token-...:...@host is just ignored), and the server does not accept a token anywhere other than the Authorization header (the rest).

It also should be verifying that the Origin header is the same as the Host header, so even if you had a way to pass valid credentials just opening a socket to a different domain won’t work. And for HTTP requests there’s no CORS headers sent…

Generally talking directly from one origin to the API on another is not a common practice. Proxy requests through your own domain; we do similar for UI development: https://github.com/rancher/ui/blob/master/server/proxies/api.js
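
The proxy approach suggested in the reply above, as an added example that is not part of the original post or of Rancher's code: a Node.js sketch that accepts the browser's WebSocket upgrade on your own origin and forwards it with the Authorization header the browser cannot set. The `RANCHER_URL` and `RANCHER_TOKEN` environment variables, the placeholder host, port 8080 and all function names are assumptions.

```javascript
// Assumption: RANCHER_URL points at the API server; the default is a placeholder host.
const UPSTREAM = new URL(process.env.RANCHER_URL || 'https://rancher.example.invalid');

// Accept only upgrades whose Origin matches the Host the browser connected to,
// the same Origin/Host comparison the reply says the API server applies.
function sameOrigin(headers) {
  try { return new URL(headers.origin).host === headers.host; }
  catch { return false; } // missing or malformed Origin
}

// Headers for the upstream handshake: keep the WebSocket fields, drop the
// browser's cookies, rewrite Host/Origin, and add the bearer token server-side.
function upstreamHeaders(headers, token) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (name === 'upgrade' || name === 'connection' || name.startsWith('sec-websocket-')) {
      out[name] = value;
    }
  }
  out.host = UPSTREAM.host;
  out.origin = UPSTREAM.origin;
  out.authorization = `Bearer ${token}`;
  return out;
}

function startProxy(token, port) {
  const http = require('node:http'), https = require('node:https');
  const server = http.createServer((req, res) => { res.writeHead(426); res.end(); });
  server.on('upgrade', (req, socket, head) => {
    if (!sameOrigin(req.headers)) return socket.end('HTTP/1.1 403 Forbidden\r\n\r\n');
    const up = https.request({ host: UPSTREAM.hostname, port: UPSTREAM.port || 443,
      path: req.url, headers: upstreamHeaders(req.headers, token) });
    up.on('upgrade', (upRes, upSocket, upHead) => {
      // Relay the upstream 101 response, then splice the two sockets together.
      const lines = Object.entries(upRes.headers).map(([k, v]) => `${k}: ${v}`);
      socket.write(['HTTP/1.1 101 Switching Protocols', ...lines, '', ''].join('\r\n'));
      if (upHead.length) socket.write(upHead);
      if (head.length) upSocket.write(head);
      upSocket.pipe(socket).pipe(upSocket);
    });
    up.on('response', () => socket.end('HTTP/1.1 502 Bad Gateway\r\n\r\n'));
    up.on('error', () => socket.destroy());
    up.end();
  });
  return server.listen(port);
}

// Starts only when a token is supplied, e.g. RANCHER_TOKEN=token-xxxxx:... node proxy.js
if (process.env.RANCHER_TOKEN) startProxy(process.env.RANCHER_TOKEN, 8080);
```

Because the proxy holds the token, anything that can reach it gets that token's API access, so it should sit behind your application's own session check.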

Thanks Vincent for your help.

I have a similar question! I am trying to access the Rancher 2.0 API from a web application in another domain and I am getting CORS errors. I was able to get an ingress that sets the CORS headers when trying to access a web server that I created and deployed to the cluster. However, I am not sure how to configure an ingress to allow CORS when trying to access the Rancher API.