HocuspocusProvider: Adding custom headers #892

Open
JannikStreek opened this issue Jan 16, 2025 · 1 comment

JannikStreek commented Jan 16, 2025

The problem I am facing
Hi, I would like to add a header parameter to the Hocuspocus provider connection and not use the provided parameter setting.

Context: I am currently implementing a read-only option so I do want to give access, but only writing permissions in certain cases. However, as I don't have real users in my app, I am passing a token as parameter, which enables writing permissions. I don't want to pass this parameter in the URL as this will be logged everywhere. I would like to add this as a header, but I haven't found such a property on the hocuspocus provider.

I have read the documentation here: https://tiptap.dev/docs/hocuspocus/guides/auth

The solution I would like
A new header option, with which it's possible to send this write token as a header:

new HocuspocusProvider({
    url: ....,
    name: ...,
    document: ...,
    headers: {
      ...
    }
  });

Alternatives I have considered
Adding this token as a parameter works but will show up in the logs, which I don't consider best security practices.

I can work on this, if this issue is accepted.

EDIT: Just realized I can implement this with just the token parameter and do everything in the onAuthenticate block that I want. I still think passing headers would make sense?

Collaborator

janthurau commented Jan 19, 2025

Hi @JannikStreek, I think sending custom headers is not possible (because of WebSocket limitations), but I only spent a few seconds googling. If there is an easy way to implement it, I'd be happy to merge it though. Otherwise, yes, you can just implement the logic using the token parameter and the onAuthenticate hook.
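
One way to implement the approach both comments settle on (write access decided from the `token` parameter inside `onAuthenticate`, read-only otherwise), as an added example that is not code from this thread or from the Hocuspocus project. It assumes the hook payload exposes `token` and a `connection.readOnly` flag; `authorize`, `WRITE_TOKEN_SHA256` and the token value are hypothetical names and constructed data.

```javascript
// Added example, not Hocuspocus project code.
// Hypothetical names: sha256, WRITE_TOKEN_SHA256, authorize.
const { createHash, timingSafeEqual } = require("node:crypto");

const sha256 = (s) => createHash("sha256").update(s, "utf8").digest();

// Keep only a digest of the write token on the server.
// "constructed-write-token" is a constructed sample value; load the real
// digest from configuration or a secret store.
const WRITE_TOKEN_SHA256 = sha256("constructed-write-token");

// Decide access from the token the client supplied.
// Hashing both sides yields equal-length buffers, which timingSafeEqual
// requires, and avoids leaking the token length through an early return.
function authorize(token) {
  const canWrite =
    typeof token === "string" &&
    token.length > 0 &&
    timingSafeEqual(sha256(token), WRITE_TOKEN_SHA256);
  // Default to read-only: a missing, empty or wrong token never grants writes.
  return { readOnly: !canWrite };
}

// Hook body to pass as the server's onAuthenticate option.
// Assumption: the payload carries `token` and `connection.readOnly`.
async function onAuthenticate(data) {
  const { readOnly } = authorize(data.token);
  data.connection.readOnly = readOnly;
  // Never log data.token here; log only the resulting decision.
  return { readOnly };
}

// Client side (from the issue): pass the write token via the provider's
// `token` parameter instead of putting it in the URL:
//   new HocuspocusProvider({ url, name, document, token: writeToken })
```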
