I want authenticated Web­Sockets

WebSockets are established through an HTTP handshake but the browser's WebSockets API doesn't allow me to put an authorization header into that handshake. I want to use the same authentication on my websocket endpoint as I do for all other endpoints on my server not be forced to use cookies. Adding the ability to set custom headers (or even just an authrorization header) as part of the WebSocket constructor would address this.