šŸ“Œ
Pusher
  • Pusher Support Portal
  • šŸ“ˆChannels
    • Channels
      • Events
        • Does Channels Store a History Of Events And Messages?
        • Does Channels Guarantee Message Delivery to Clients?
        • How Can I Get Missed Messages After Reconnecting To Channels?
        • How Can I Enable Client Events Within My Application?
        • How Can I Implement Message (Event) History In Channels?
        • Is It Possible To Schedule Event Sending in My Channels App?
        • What Happens If I Publish Events To Channel If No Clients Are Subscribed?
        • Why Do You Require Server Authentication To Use Client Events?
        • Why Don't Channels Events Arrive In Order?
        • How Do I Trigger An Event From A Bash Shell Script?
      • Libraries
        • Does Pusher Channels work with React Native?
        • Can I Host pusher js On My Own Server?
        • Does Channels Work With My Specific Technology?
      • Limits
        • How Are Concurrent Connections Counted?
        • How Can I Add Other Contacts To My Channels Limits Notifications?
        • How Can I Configure Usage Summaries?
        • How Can I Monitor My Account Usage?
        • How Is My Message Count Calculated In Channels?
        • What Happens When I Hit My Channels Plan Limits?
        • Over What Time Period Are My Channels Limits Counted?
        • What Is The Message Size Limit When Publishing an Event in Channels?
        • Why Do My Channels Metrics Graphs and Stats Numbers Show Different Values?
        • What Is The Maximum Number of Channels Supported Per App?
      • Presence
        • How Do I See The Members Of A Presence Channel Without Appearing In It?
        • How Can I Implement Large Presence Channels On Channels?
        • Why Do Presence Channels Generate So Many Messages?
      • Subscribing
        • Providing A Custom Channels Authoriser
        • Should I Subscribe To Lots Of Channels?
        • What Does The Error 'Invalid channel name' Mean?
      • Troubleshooting
        • How Can I Perform Connectivity Diagnostics For My Version Of Pusher JS?
        • How Can I Debug My Channels Webhooks?
        • How Do I Use The Channels Debug Console And Event Creator?
        • How Does Pusher Channels Protect Against Denial Of Service Attacks?
        • My Channels Application Is Encountering An Error Code, What Does This Mean?
        • Reporting Bugs and Technical Issues
        • We Are Seeing Timeouts From The Pusher Channels API, What Can We Do?
        • What Can Cause Error '401 Unauthorized' From The Channels REST API?
        • What Does The "Unsupported event received on socket <event_name>" Error Mean?
        • What Does The 'Timestamp Expired' Response From The Channels Rest API Mean When Triggering An Event?
        • What Is Meant By Channels Error 1006?
        • What Is Meant By Channels Error 4200?
        • Why Am I Receiving "Websocket Is Closed Before The Connection Is Established" Error Messages?
        • Why Am I Receiving The 'Invalid key in subscription auth data' Error?
        • Why Am I Seeing The Error "There was a problem creating your WebHook, please try again" When Trying
        • Why Am I Receiving The "Invalid signature: Expected HMAC SHA256" Error?
        • Why Can't I Connect To Channels?
        • Why Does My Channels Event Report Error "The 'pusher' namespace is reserved for internal usage"?
        • Why Don't I Receive Notifications When My Ios Or Android Channels App Is In The Background?
        • Why Is My User Stuck In A Presence Channel?
      • Webhooks
        • Channels Webhook Timeouts and Retries
        • Can You Give Me A List Of IPs That Pusher Channels Webhooks Will Be Sent From?
        • How Can My Server Be Notified When Users Join Or Leave A Presence Channel?
        • What Is The Batch Size and Batch Window For Channels Webhooks?
        • Why Is My Server Not Receiving Webhooks Channels?
      • Connecting
        • Can You Provide Me With a List of IP Addresses that Channels Uses?
        • How Can I Manually Unsubscribe Clients From My Server?
        • Does Channels Work In Mainland China?
        • How Can I Add A Cluster Failover Process to My Channels Integration?
        • How Can I Stop Channels Users Going Offline For An Instant When They Navigate Between Pages?
        • How Can I Transition A Live App To A Different Cluster?
        • Can I use Pusher Channel Authentication with Web Framework CSRF Protection?
        • Iā€™m Having Problems With The Reliability Of My Clients Connections To Pusher, What Can I Do?
        • Managing Channels keys in Mobile Apps
        • What Are Concurrent Channels Connections?
        • What Channels Clusters Exist?
        • What Content Security Policy (CSP) do I need for Channels?
        • What happens if a user is on a poor connection that occasionally drops? Will they miss messages?
        • What Ports Do I Need To Open In My Firewall To Allow Channels To Connect?
        • Why Am I Seeing More Channels Connections Than I Expect?
        • What WebSocket Protocols Does Channels Support?
        • How Can I Rotate My Channels App Keys
  • šŸ””Beams
    • Beams
      • Libraries
        • Does Beams support React Native?
        • Ho Do I Implement Beams With A Specific Technology?
        • Does Beams have React Native support?
        • What Libraries Does Beams Support?
      • Limits
        • What Are Beams Subscribers and How Are They Counted?
        • What Happens When I Hit My Beams Plan Limits?
      • Publishing
        • How Can I Set The Time-To-Live (TTL) For a Push Notification?
        • Why Don't Fcm Notifications Trigger ā€˜onMessageReceivedā€™ When In The Background State?
        • How Can I Rotate My Beams Instance Keys
      • Webhooks
        • Beams Webhook Timeouts and Retries
      • Troubleshooting
        • Can You Provide Me With A List Of IP Addressed That Beams Uses?
        • What Ports Are Required To Receive Beams Notifications On My iOS Device?
        • How Can I Migrate Between Beams Instances?
        • Why Am I Receiving Error `Push notification prompting can only be done from a user gesture` In Safar
  • šŸ’°Account/Billing
    • Account/Billing
      • Legal
        • How Can I Comply With HIPAA When Using Pusher Channels?
        • How Can I Comply With HIPAA When Using Pusher Beams?
        • Where Can I Find Your Cookie Policy?
        • What Hosting Provider(s) And Other Subprocessors Does Pusher Use?
        • Can I Sign a DPA With Pusher
        • Does Pusher Track And Use IP Addresses?
      • Dashboards
        • How Can I Add Collaborators To My Beams Instance?
        • How Can I Add Teammates As Collaborators To My Channels App?
        • How Can I Delete My Pusher Account?
        • How Can I Reset My Password For The Pusher Dashboard?
        • How Can I Transfer App Ownership From One Channels Account To Another?
        • How Can I Transfer Instance Ownership From One Beams Account To Another?
        • How Can I Update My Channels Billing Email Address?
        • How Can I Update My Pusher Account Email Address?
      • Account Information
        • How Can I Add 2-Factor Authentication To My Pusher Account?
      • Payments / Billing
        • Can I Pay For Channels Using Amex?
        • Can I Switch To Invoice Billing For My Subscription?
        • How Can I Change The Account Name That Appears On My Channels Statement?
        • How Can I Get The Billing Statements For My Channels Account?
        • How Can I Update My Billing Details For Beams?
        • What Can I Do If My Credit Card Is Declined?
        • How Can I Update My Payment Details For Channels?
      • Plans
        • How Does My Channels Plan Level Affect The Limits Of My Apps?
        • How Can I Downgrade My Beams plan?
        • How Can I Downgrade My Channels Plan?
        • How Can I Upgrade My Beams Plan?
        • How Can I Upgrade My Channels Plan?
        • I Have Upgraded My Channels Collaborator Account Instead Of The App Owner Account, What Now?
Powered by GitBook
On this page
  • Problem
  • Solution
  • JavaScript
  • iOS/Objective-C
  • Android/Java
  1. Channels
  2. Channels
  3. Connecting

Can I use Pusher Channel Authentication with Web Framework CSRF Protection?

PreviousHow Can I Transition A Live App To A Different Cluster?NextIā€™m Having Problems With The Reliability Of My Clients Connections To Pusher, What Can I Do?

Last updated 1 year ago

Problem

The Pusher JavaScript client library makes an authentication AJAX request when subscribing to a or channel. This AJAX request is done in the form of a POST request.

By default a POST request from JavaScript is intercepted and forbidden with a 403 response with many web frameworks such as Ruby on Rails and Laravel as it will be seen as a Cross-site Request forgery attempt.

Solution

The solution depends on the client library that you are using:

JavaScript

Parameters to be sent along with the authentication request can be set in the .


var pusher = new Pusher('app_key', {
  auth: {
    params: {
      CSRFToken: 'some_csrf_token'
    }
  }
});

An alternative is to use jsonp authentication, as this is made using a GET request so shouldn't be treated as CSRF attempt. See

iOS/Objective-C

The documentation for setting HTTP headers for libPusher can be found here:

Android/Java

The documentation for setting HTTP headers for pusher-websocket-java can be found here: .

Still have questions? Please reach out to our Support team by visiting .

šŸ“ˆ
Private
Presence
Pusher constructor options parameter
https://pusher.com/docs/channels/server_api/authenticating-users#jsonp_auth_endpoints
https://github.com/pusher/libPusher#channel-authorization
http://pusher.github.io/pusher-websocket-java/com/pusher/client/util/HttpAuthorizer.html#setHeaders(java.util.HashMap)
this page