Safari doesn't support basic authentication for websocket sessions.
This commit introduces a token-based authentication only for websocket
connection.
The token is shared by all clients and that might be not secure. However,
basic authentication itself is insecure and the credential is already
shared by clients, so don't mind.