Which headers can be set in a $connect route response?

Question

According to this example\[1], the "Sec-WebSocket-Protocol" header can be set from a Lambda function set as a proxy integration for the $connect handler of a Websocket API, by returning the following payload:

```
{
  statusCode: 200,
  headers: {
    "Sec-WebSocket-Protocol" : "myprotocol"
  }
}
```

My question is, can other headers be set as well? It seems other headers are currently stripped. For example, when I set a 'Set-Cookie' header in the response, the header does not show up in the HTTP response. Is there a way to configure the route response or integration response so that such headers appear?  
  
\[1]   
  
Edited by: "jedlie" on Jul 12, 2020 6:14 AM  
  
Edited by: "jedlie" on Jul 12, 2020 6:25 AM

Accepted Answer

No, WebSocket API doesn't allow to set other header. Most headers other than Upgrade, Connection, Sec-WebSocket-* are not meaningful for the handshake, but I do agree that Set-Cookie would be a valid use case, as mentioned in the specification.  
  
_The server can also set cookie-related option fields to _set_cookies, as described in \[RFC6265]._

Answer

Thanks for the reply, jwaataws. Would love to see Set-Cookie allowlisted soon for Websocket APIs.

Which headers can be set in a $connect route response?

관련 콘텐츠