Hey folks, this is a long standing issue in Meteor and I was just wondering if there had been any movement or maybe some of you had found workarounds. A lot of providers add extra headers to the connection with useful info. In our case I’m particularly interested in ones that cloudflare adds and today they added another useful one for leaked credentials.
People have been asking about this forever, see this, and this more recent one, this feature request … it all seems to point back to the underlying socket library.
Anyone know a workaround or see a way past this?
1 Like
Have you checked the sink object?
Thanks Filipe. I’m not sure how that would help though - maybe I’m missing something. CF is adding the headers to the head already - the issue for us is being able to see them in the DDP connection object when people login.
I’m not sure what you mean by whitelisting, but I think your best bet for accessing the headers when DDP establishes a connection is Meteor.onConnection.
As far as login and other methods as the other issues you’ve linked to suggest. The headers won’t be available because websockets are a persistent connection and the headers are only sent when the connection is initially established.