We no longer need to use token based auth (but allow empty tokens) when WebSockets are used.
mentioned in commit 73c1db5f