From 8c91fd8785c25e694d9341b17b5182041c575166 Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@feld.me>
Date: Sun, 4 Aug 2024 14:58:16 -0400
Subject: Fix Mastodon WebSocket authentication

Mastodon uses the Sec-Websocket-Protocol header to send the auth token. It is not clear if this is a violation of the RFC, but Mastodon is not the first application in the wild to use this header for authentication purposes. Phoenix does not allow accessing this header, so we work around it temporarily with a minor patch to Phoenix 1.7.14. We will reach out to Phoenix to discuss how to make this use case possible.
---
 mix.exs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'mix.exs')

diff --git a/mix.exs b/mix.exs
index 69e52e526..88b558a75 100644
--- a/mix.exs
+++ b/mix.exs
@@ -132,7 +132,8 @@ defmodule Pleroma.Mixfile do
   # Type `mix help deps` for examples and options.
   defp deps do
     [
-      {:phoenix, "~> 1.7.3"},
+      {:phoenix,
+       git: "https://github.com/feld/phoenix", branch: "v1.7.14-websocket-headers", override: true},
       {:phoenix_ecto, "~> 4.4"},
       {:ecto_sql, "~> 3.10"},
       {:ecto_enum, "~> 1.4"},
-- 
cgit v1.2.3