fix(socketio): allow authorization header without cookies (#34199)

Resolves #34125 Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-09-30 11:54:23 +05:30 · 2025-09-30 11:54:23 +05:30 · 7ddff768a8
commit 7ddff768a8
parent 7d69afb9c4
1 changed files with 6 additions and 2 deletions
--- a/realtime/middlewares/authenticate.js
+++ b/realtime/middlewares/authenticate.js
@ -16,8 +16,12 @@ function authenticate_with_frappe(socket, next) {
 		return;
 	}

-	if (!socket.request.headers.cookie) {
-		next(new Error("No cookie transmitted."));
+	if (!socket.request.headers.cookie && !socket.request.headers.authorization) {
+		next(
+			new Error(
+				"Missing cookie and authorization header. Either one needed for authentication."
+			)
+		);
 		return;
 	}