Description of problem: The websocket protocol RFC6455 allows the http basic auth 'authorization' header: 12. The request MAY include any other header fields, for example, cookies [RFC6265] and/or authentication-related header fields such as the |Authorization| header field [RFC2616], which are processed according to documents that define them. Additionally, On page 19, RFC6455 also says: 1. If the status code received from the server is not 101, the client handles the response per HTTP [RFC2616] procedures. In particular, the client might perform authentication if it receives a 401 status code; the server might redirect the client using a 3xx status code (but clients are not required to follow them), etc. Otherwise, proceed as follows. The node-web-proxy currently does not pass the 'authorization' header for websocket connections. How reproducible: Always Steps to Reproduce: 1. Deploy a nodejs-0.10 app using the following quickstart: # rhc app-create wstest nodejs-0.10 --from-code=https://github.com/tiwillia/openshift-nodejs-http-and-websocket-example The quickstart has been modified to log the websocket request headers when a connection is made. 2. Use the `wscat` tool, provided through npm, to create a connection and pass authorization parameters to the nodejs application: # npm install wscat # wscat --auth "user:pass" --connect ws://wstest-namespace.dev.rhcloud.com:8000 3. Check the logs of the application after the connection is made with `rhc tail`. The authorization header should be included in the list received by the websocket server. Actual results: Below is an example output from the logs of the sample application: New connection: { connection: 'Upgrade', upgrade: 'websocket', host: '127.1.244.1:8080', 'sec-websocket-version': '13', 'sec-websocket-key': 'MTMtMTQ4MzU2NzYzNTgxMA==', 'user-agent': 'undefined', 'x-forwarded-for': '0.0.0.0', 'x-client-ip': '0.0.0.0', 'sec-websocket-extensions': 'permessage-deflate; client_max_window_bits' } Note the lack of an 'authorization' header in the list. Expected results: New connection: { connection: 'Upgrade', upgrade: 'websocket', host: '127.1.244.1:8080', 'sec-websocket-version': '13', 'sec-websocket-key': 'MTMtMTQ4MzU2NzYzNTgxMA==', 'user-agent': 'undefined', 'x-forwarded-for': '0.0.0.0', 'x-client-ip': '0.0.0.0', authorization: 'Basic dGl0cmJhbGxz', 'sec-websocket-extensions': 'permessage-deflate; client_max_window_bits' } Note the 'authorization' header in the list. Additional info: This should be fixed with https://github.com/openshift/origin-server/pull/6444
The referenced PR was merged at that time.