Documentation Index
Fetch the complete documentation index at: https://mintlify.com/strophe/strophejs/llms.txt
Use this file to discover all available pages before exploring further.
ConnectionOptions is the configuration interface accepted as the second argument to new Strophe.Connection(service, options). Every field is optional; omitting the entire object produces sensible defaults. Options that are transport-specific (BOSH-only or WebSocket-only) are clearly marked below.
All Options
A map of cookie names to cookie descriptor objects to be included in every
HTTP request made by Strophe. Applies to both BOSH and WebSocket transports.Each cookie descriptor has the following shape:
Browser security restrictions prevent Strophe from setting cookies for
domains other than the one serving the page. Cross-domain cookies must be
set server-side (e.g. via a pre-flight XHR to the target domain).
An array of SASL mechanism constructor functions that this connection will
offer during authentication. When omitted, Strophe registers all built-in
mechanisms with the following default priorities (higher = preferred):
Pass a subset (or a custom mechanism) to restrict what the client advertises.
| Mechanism | Priority |
|---|---|
SCRAM-SHA-512 | 72 |
SCRAM-SHA-384 | 71 |
SCRAM-SHA-256 | 70 |
SCRAM-SHA-1 | 60 |
PLAIN | 50 |
OAUTHBEARER | 40 |
X-OAUTH2 | 30 |
ANONYMOUS | 20 |
EXTERNAL | 10 |
When
true, Strophe will not automatically bind a JID resource after
authentication. Instead it fires Strophe.Status.BINDREQUIRED via the connect
callback, giving you a chance to perform other stream-level setup (such as
enabling XEP-0198 Stream Management) before calling connection.bind()
manually.Defaults to false (automatic resource binding).WebSocket connections only.Forces WebSocket transport for relative service URLs. Without this option, a
relative URL (e.g.
"/xmpp-websocket/") is treated as a BOSH endpoint.
Set to "ws" for plain WebSocket or "wss" for Secure WebSocket.Browsers will automatically upgrade
"ws" to "wss" when the current page
is served over HTTPS, because downgrading security is not permitted.
Absolute WebSocket URLs (ws://… / wss://…) are detected automatically
and do not require this option.WebSocket connections only.URL pointing to the shared worker script (
src/shared-connection-worker.js
or its compiled equivalent). When set, Strophe uses a SharedWorker to host
a single WebSocket connection that can be shared across multiple tabs or
Connection instances in the same browser session.BOSH connections only.When
true, BOSH HTTP requests are made synchronously (blocking the main
thread). The default is false (asynchronous). You can also toggle this
on an already-established connection:Synchronous XHR on the main thread is deprecated by browsers and will block
all JavaScript execution until the request completes. Use this only in
server-side or worker environments, never in production browser UIs.
BOSH connections only.An array of extra HTTP header strings to append to every BOSH request. Useful
for passing authentication tokens or other metadata to a custom BOSH
connection manager.
BOSH connections only.When
true, Strophe caches the BOSH session tokens (rid and sid) in
sessionStorage after every request. If the page is reloaded, calling
connection.restore() instead of connect() will attempt to resume the
cached session transparently.Defaults to false.BOSH connections only.When
true, the withCredentials flag is set on every BOSH XMLHttpRequest,
causing the browser to include cookies and HTTP authentication headers in
cross-origin requests.Defaults to false.For cross-origin requests with
withCredentials: true, the BOSH server
must respond with Access-Control-Allow-Credentials: true and must
set Access-Control-Allow-Origin to the exact page origin (not *).
Most same-origin deployments do not need this option.BOSH connections only.Overrides the default
Content-Type header value sent with BOSH HTTP
requests. The default is "text/xml; charset=utf-8".Changing this to a simple content type (e.g. "text/plain") can eliminate
CORS preflight (OPTIONS) requests on cross-origin BOSH endpoints, because
simple content types do not trigger preflights.Common Option Combinations
- Secure WebSocket
- BOSH with keepalive
- Multi-tab WebSocket
- Explicit resource binding
- Cross-origin BOSH