- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Thu, 05 Feb 2015 14:29:59 +0100
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Florian Bösch <pyalot@gmail.com>, Michiel De Mey <de.mey.michiel@gmail.com>, WebApps WG <public-webapps@w3.org>
* Anne van Kesteren wrote: >On Thu, Feb 5, 2015 at 1:27 PM, Florian Bösch <pyalot@gmail.com> wrote: >> CORS is an adequate protocol to allow for additional headers, and websocket >> requests could be subjected to CORS (I'm not sure what the current client >> behavior is in that regard, but I'm guessing they enforce CORS on websocket >> requests as well). > >I think you're missing something. A WebSocket request is subject to >the WebSocket protocol, which does not take the same precautions as >the Fetch protocol does used elsewhere in the platform. And therefore >we cannot provide this feature until the WebSocket protocol is fixed >to take the same precautions. It seems to me that "pre-flight" requests would happen prior to opening a Websocket connection, i.e. before requirements of the Websocket proto- col apply, so this would have to be covered by the API specification in- stead. I do not really see why the Websocket on-the-wire protocol would have to be changed here. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de Available for hire in Berlin (early 2015) · http://www.websitedev.de/
Received on Thursday, 5 February 2015 13:30:30 UTC