Re: [whatwg/fetch] Stop saying WebSocket auth is disallowed (#761) from Anne van Kesteren on 2018-06-08 (public-webapps-github@w3.org from June 2018)

From: Anne van Kesteren <notifications@github.com>
Date: Fri, 08 Jun 2018 08:20:35 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/761/review/127205595@github.com>

annevk commented on this pull request.



> @@ -6301,12 +6301,11 @@ therefore not shareable, a WebSocket connection is very close to identical to an
 <p><dfn>Fail the WebSocket connection</dfn> and <dfn>the WebSocket connection is established</dfn>
 are defined by The WebSocket Protocol. [[!WSP]]
 
-<p class=warning>The reason redirects are not followed, HTTP authentication will not function, and
-this handshake is generally restricted is because that could introduce serious security problems in

It seems keeping "handshake is generally restricted" would be good. We should probably define how HTTP authentication is supposed to work though. I.e., only works if there's an authentication entry.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/761#pullrequestreview-127205595

Received on Friday, 8 June 2018 15:20:58 UTC