René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Add authorization callback for subscription requests","articleBody":"Currently, `solid-ws` accepts all `sub \u003curl\u003e` requests without any authorization check. This means anyone can subscribe to notifications for any resource, even private ones they don't have read access to.\n\nThis can leak information - a subscriber learns when a resource changes, even if they can't read it.\n\n### Proposed solution\n\nAdd an optional `authorize` callback that servers can use to check permissions:\n\n```javascript\nconst solidWs = SolidWs(server, app, {\n  authorize: (iri, req, callback) =\u003e {\n    // Check if user has read access to iri\n    // callback(null, true) to allow\n    // callback(null, false) to deny\n  }\n})\n```\n\nIf authorization fails, send `err \u003curl\u003e forbidden` instead of `ack`.\n\nThis keeps solid-ws flexible (default allows all, as today) while letting servers like NSS integrate their ACL checking.\n\nHappy to submit a PR for this if it sounds reasonable!\n\nRelated: nodeSolidServer/node-solid-server#1334","author":{"url":"https://github.com/melvincarvalho","@type":"Person","name":"melvincarvalho"},"datePublished":"2026-01-07T07:59:10.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/28/node-solid-ws/issues/28"}