Use custom header, send anonToken in payload to joinProject

services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee

@@ -51,6 +51,7 @@ module.exports = TokenAccessController =
 					"adding anonymous user to project with readOnly token"
 				TokenAccessHandler.grantSessionReadOnlyTokenAccess(req, project._id, token)
 				req.params.Project_id = project._id.toString()
+				req._anonToken = token
 				return ProjectController.loadEditor(req, res, next)
 			else
 				logger.log {userId, projectId: project._id},
@@ -61,7 +62,6 @@ module.exports = TokenAccessController =
 							"error adding user to project with readAndWrite token"
 						return next(err)
 					req.params.Project_id = project._id.toString()
-					req._anonToken = token
 					return ProjectController.loadEditor(req, res, next)
 
 

services/web/public/coffee/base.coffee

@@ -19,7 +19,7 @@ define [
 		"ngTagsInput"
 	]).config ($qProvider, sixpackProvider, $httpProvider)->
 		if window.anonToken
-			$httpProvider.defaults.headers.common['Authorization'] = window.anonToken
+			$httpProvider.defaults.headers.common['x-sl-anon-token'] = window.anonToken
 		$qProvider.errorOnUnhandledRejections(false)
 		sixpackProvider.setOptions({
 			debug: false

services/web/public/coffee/ide/connection/ConnectionManager.coffee

@@ -154,9 +154,12 @@ define [], () ->
 			# Note: if the "joinProject" message doesn't reach the server
 			# (e.g. if we are in a disconnected state at this point) the
 			# callback will never be executed
-			@ide.socket.emit 'joinProject', {
+			data = {
 				project_id: @ide.project_id
-			}, (err, project, permissionsLevel, protocolVersion) =>
+			}
+			if window.anonToken
+				data.anonToken = window.anonToken
+			@ide.socket.emit 'joinProject', data, (err, project, permissionsLevel, protocolVersion) =>
 				if err? or !project?
 					return @reportConnectionError(err)