fix: custom headers with sockets

2025-09-08 13:18:38 +05:30
parent 3ba3e34938
commit 1df69b0b65
3 changed files with 57 additions and 8 deletions
--- a/lib/core/services/socket_service.dart
+++ b/lib/core/services/socket_service.dart
@@ -52,10 +52,41 @@ class SocketService {
        .setTimeout(20000)
        .setPath(path);

+    // Merge Authorization (if any) with user-defined custom headers for the
+    // Socket.IO handshake. Avoid overriding reserved headers.
+    final Map<String, String> extraHeaders = {};
    if (authToken != null && authToken!.isNotEmpty) {
-      builder
-          .setAuth({'token': authToken})
-          .setExtraHeaders({'Authorization': 'Bearer $authToken'});
+      extraHeaders['Authorization'] = 'Bearer $authToken';
+      builder.setAuth({'token': authToken});
+    }
+    if (serverConfig.customHeaders.isNotEmpty) {
+      final reserved = {
+        'authorization',
+        'content-type',
+        'accept',
+        // Socket/WebSocket reserved or managed by client/runtime
+        'host',
+        'origin',
+        'connection',
+        'upgrade',
+        'sec-websocket-key',
+        'sec-websocket-version',
+        'sec-websocket-extensions',
+        'sec-websocket-protocol',
+      };
+      serverConfig.customHeaders.forEach((key, value) {
+        final lower = key.toLowerCase();
+        if (!reserved.contains(lower) && value.isNotEmpty) {
+          // Do not overwrite Authorization we already set from authToken
+          if (lower == 'authorization' && extraHeaders.containsKey('Authorization')) {
+            return;
+          }
+          extraHeaders[key] = value;
+        }
+      });
+    }
+    if (extraHeaders.isNotEmpty) {
+      builder.setExtraHeaders(extraHeaders);
    }

    _socket = io.io(base, builder.build());