Adds a new allowed_hosts_only decorator and extensible base class to allow for checking the incoming Origin header on WebSocket requests, using the Django `ALLOWED_HOSTS` setting by default.
* made `WebSocketBridge._socket` public
We can provide a convenient way to hook custom behavior (such as debugging) by making the underlying `ReconnectingWebSocket` instance publicly available.
Also removed the undocumented `onopen` constructor option.
* recompile js
* Add support for relative urls in javascript wrapper
* recompile static file
* add js smoke test for relative urls
* update docs to show relative urls
* Add a new auth decorator to get the user and rehydrate the http session
* Add http_user_and_session, taking precedence over http_user, applying the channel_and_http_session_user_from_http decorator (a superset of http user functionality)
* Only set session cookies on the first send, since subsequent real requests don't have access to HTTP information
* Add a test for new http_user_and_session WebsocketConsumer attribute
* Fix isort check
Adds a WebSocket wrapper which is both publishable to npm and importable directly for use with staticfiles/etc. Also has a new build process to make the latter file.
* Webserver -> web server
This was flagged by my spell check, and indeed it's hard to find
spellings online without the space. The Oxford Dictionary only knows it
with a space, so I thought it's worth correcting.
* Attempt to clarify optional keys
I wasn't sure about how to treat keys marked optional. After having
spoken to Andrew, this is my attempt at clarifying. Improvements
welcome!
* Order of header values MUST be kept
Order for HTTP header values matters, both in request and responses. So
we must make sure that we're keeping it.
Request:
> Some headers, such as Accept-Language can be sent by clients as
> several headers each with a different value rather than sending the
> header as a comma separated list.
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getHeaders%28java.lang.String%29
Response:
Set-Cookie may be present multiple times, and only the last given value
is to be used.
I'm updating the Daphne test to verify the order in my pull request
there.
* Clarify that headers is a list of lists
The wording for 'server'/'client' and 'headers' was very similar, and I
was unsure if clients may be a list of lists (in anticipation of
protocols supporting that). I hope this small tweak makes it clearer
that only headers is a list of lists.
