From 7ddff768a8afe7f6180b01f3e72e50d36a60a5b1 Mon Sep 17 00:00:00 2001
From: Akhil Narang <me@akhilnarang.dev>
Date: Tue, 30 Sep 2025 11:54:23 +0530
Subject: [PATCH] fix(socketio): allow authorization header without cookies
 (#34199)

Resolves #34125

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
---
 realtime/middlewares/authenticate.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/realtime/middlewares/authenticate.js b/realtime/middlewares/authenticate.js
index 022ba1f597..3e521e52d2 100644
--- a/realtime/middlewares/authenticate.js
+++ b/realtime/middlewares/authenticate.js
@@ -16,8 +16,12 @@ function authenticate_with_frappe(socket, next) {
 		return;
 	}
 
-	if (!socket.request.headers.cookie) {
-		next(new Error("No cookie transmitted."));
+	if (!socket.request.headers.cookie && !socket.request.headers.authorization) {
+		next(
+			new Error(
+				"Missing cookie and authorization header. Either one needed for authentication."
+			)
+		);
 		return;
 	}