Server Events - JavaScript Client: CORS + Authentication

Hey there - we have been using ServiceStack for a really long time and love it! We recently started using the server events in a CORS environment with the JavaScript client. Everything worked correctly until a recompile (server recycle), at which point we would start getting 401 authentication issues. Cookies were still there and everything, but it would 401. I spent an embarrassingly long amount of time tracking this one down. The main issue comes down to this:

  1. We first called the /auth/credential endpoint to “sign in”, which set the cookies (remember this is a CORS environment and we already had all our CORS stuff set up correctly because the API was working fine).

  2. When we set up the event source initially, we created it as follows (note the withCredentials):

    this.eventStream = new EventSource(url, { withCredentials: true });

  3. When we did a recompile (server recycle), this function was getting called in ss-utils.js:

    $.ss.reconnectServerEvents = function

  4. That function creates a NEW EventSource but does not specify withCredentials, which means that the new EventSource will no longer send auth cookies and will stop working.

The patch would be simply adding arguments to the EventSource constructor, preserving the CURRENT EventSource’s withCredentials, e.g.

    var es = new EventSource(opt.url || $.ss.eventSourceUrl || hold.url, { withCredentials: currWithCredentials });

I only bring this up here in order to hopefully save someone in the future a lot of troubleshooting.
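The reconnect behaviour described in the post above, as an added example that is not part of the original post and is not the ss-utils.js code: `reconnectPreservingCredentials` and `FakeEventSource` are hypothetical names, and the URL is constructed. The stub stands in for the browser's `EventSource` so the example runs offline in Node.

```javascript
// Added example: re-create an EventSource without losing its credentials mode.
function reconnectPreservingCredentials(current, url, EventSourceCtor = globalThis.EventSource) {
  // withCredentials is read-only and fixed at construction time, so the only
  // way to keep it is to read it from the old instance and pass it again.
  const withCredentials = Boolean(current && current.withCredentials);
  const targetUrl = url || (current && current.url);
  if (!targetUrl) throw new Error("no URL to reconnect to");

  const next = new EventSourceCtor(targetUrl, { withCredentials });

  if (current) {
    // Carry over the on* handlers so the new stream behaves like the old one.
    next.onopen = current.onopen;
    next.onmessage = current.onmessage;
    next.onerror = current.onerror;
    current.close(); // avoid two live connections to the same stream
  }
  return next;
}

// Minimal stand-in for the browser EventSource (hypothetical, for offline runs).
class FakeEventSource {
  constructor(url, init = {}) {
    this.url = url;
    this.withCredentials = Boolean(init.withCredentials);
    this.readyState = 0; // CONNECTING
    this.onopen = this.onmessage = this.onerror = null;
  }
  close() { this.readyState = 2; } // CLOSED
}

function demo() {
  const url = "https://api.example.test/event-stream"; // constructed URL
  const first = new FakeEventSource(url, { withCredentials: true });
  first.onmessage = () => {};

  // The failure mode from the post: no init dictionary, so cookies are dropped.
  const broken = new FakeEventSource(first.url);
  // The corrected reconnect: credentials mode copied from the current source.
  const fixed = reconnectPreservingCredentials(first, null, FakeEventSource);

  return {
    broken: broken.withCredentials,
    fixed: fixed.withCredentials,
    oldClosed: first.readyState === 2,
    handlerKept: fixed.onmessage === first.onmessage,
  };
}
```

In a browser, omit the third argument so the real `EventSource` is used. The cross-origin response must still carry `Access-Control-Allow-Credentials: true` and a non-wildcard `Access-Control-Allow-Origin`, or the browser rejects the credentialed stream.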

Thanks for the heads up, ss-utils.js was updated in this commit.

This change is available from v5.5.1 that’s now available on MyGet.

The latest version of ss-utils.js is also published on npm at:
https://unpkg.com/ss-utils/ss-utils.js

You rock man! Trying it out now and will report back

Confirmed - it fixes the issue I had and all my unit tests still pass! Thanks again
