We have a security firewall that authenticates with cookies, however it seems that the current implementation of SSE sends an auth token as a query param, and it does not use withCredentials to send cookies.
Is there anyway to support cookies to be sent and/or use an alternate server URL for that particular endpoint?
SSE only sends the oauth token as a query parameter in the local testing environment, when running the local
npm serve. This is required because it is running outside of the Drone server environment. If you login to cloud.drone.io (for example) and inspect the underlying network request to
/api/streams you will see the
_session_ cookie is included in the request.
Yes, you’re correct. For whatever reason, our setup is blocking these requests even though the credentials are sent. I’ll file this under a configuration error on our part.