added ability to enforce only header authorization versus query string authorization - DK/MW

lib/index.js

@@ -158,7 +158,14 @@ function authorize(options, onConnection) {
       }
     }
 
-    //get the token from handshake or query string
+    // Check if the header has to include authentication
+    if (options.auth_header_required && !token) {
+      return auth.fail(new UnauthorizedError('missing_authorization_header', {
+        message: 'Server requires Authorization Header'
+      }), data, accept);
+    }
+
+    // Get the token from handshake or query string
     if (handshake && handshake.query.token){
       token = handshake.query.token;
     }