[GH-ISSUE #145] SSE mecanism is a hack, not secure at all #1776

New Issue

Open

opened 2026-05-20 14:23:31 -05:00 by GiteaMirror · 0 comments

GiteaMirror commented 2026-05-20 14:23:31 -05:00

Owner

Copy Link

Originally created by @dextmorgn on GitHub (May 10, 2026).
Original GitHub issue: https://github.com/reconurge/flowsint/issues/145

Flowsint uses SSE (Server Sent Events) to receive logs in the terminal in real time.
The EventSource JS api doesn't provide mechanisms to insert regular auth headers in the request (+ some more limitations).

Currently, we are passing the Auth token in the url directly. This is an assumed terrible practice, that needs to be addressed.

Considering fetch-event-source from Azure.

Originally created by @dextmorgn on GitHub (May 10, 2026). Original GitHub issue: https://github.com/reconurge/flowsint/issues/145 Flowsint uses SSE (Server Sent Events) to receive logs in the terminal in real time. The [EventSource](https://developer.mozilla.org/en-US/docs/Web/API/Server-sent_events/Using_server-sent_events) JS api doesn't provide mechanisms to insert regular auth headers in the request (+ some more limitations). Currently, we are passing the Auth token in the url directly. This is an assumed terrible practice, that needs to be addressed. Considering [fetch-event-source from Azure](https://github.com/Azure/fetch-event-source).

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dextmorgn-patch-1

fix/custom-types

feat/enricher-templates

feat/export

v1.2.8

v1.2.7

v1.2.6

v1.2.5

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.0

Labels

Clear labels

documentation

enhancement

pull-request

Mirrored from GitHub Pull Request

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/flowsint#1776