Fix Mastodon WebSocket authentication

Mastodon uses the Sec-Websocket-Protocol header to send the auth token. It is not clear if this is a violation of the RFC, but Mastodon is not the first application in the wild to use this header for authentication purposes. Phoenix does not allow accessing this header, so we work around it temporarily with a minor patch to Phoenix 1.7.14. We will reach out to Phoenix to discuss how to make this use case possible.
author: Mark Felder <feld@feld.me> 2024-08-04 14:58:16 -0400
committer: Mark Felder <feld@feld.me> 2024-08-04 15:04:29 -0400
commit: 8c91fd8785c25e694d9341b17b5182041c575166 (patch)
tree: e820d6005ca5e32428d94e34fdd41bbb10128997 /mix.exs
parent: 3e4768efca88124b3ae418d41da923c428598275 (diff)
download: pleroma-8c91fd8785c25e694d9341b17b5182041c575166.tar.gz
pleroma-8c91fd8785c25e694d9341b17b5182041c575166.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/mix.exs b/mix.exs
index 69e52e526..88b558a75 100644
--- a/mix.exs
+++ b/mix.exs
@@ -132,7 +132,8 @@ defmodule Pleroma.Mixfile do
   # Type `mix help deps` for examples and options.
   defp deps do
     [
-      {:phoenix, "~> 1.7.3"},
+      {:phoenix,
+       git: "https://github.com/feld/phoenix", branch: "v1.7.14-websocket-headers", override: true},
       {:phoenix_ecto, "~> 4.4"},
       {:ecto_sql, "~> 3.10"},
       {:ecto_enum, "~> 1.4"},
author	Mark Felder <feld@feld.me>	2024-08-04 14:58:16 -0400
committer	Mark Felder <feld@feld.me>	2024-08-04 15:04:29 -0400
commit	8c91fd8785c25e694d9341b17b5182041c575166 (patch)
tree	e820d6005ca5e32428d94e34fdd41bbb10128997 /mix.exs
parent	3e4768efca88124b3ae418d41da923c428598275 (diff)
download	pleroma-8c91fd8785c25e694d9341b17b5182041c575166.tar.gz pleroma-8c91fd8785c25e694d9341b17b5182041c575166.zip