Re: Proposal: add websocket close codes for "server not found" and/or "too many websockets open"

On Wed, May 23, 2012 at 6:21 AM, Jason Duell <jduell.mcbugs@gmail.com> wrote:
> Could you say more about why a simple "connection not available" would
> be a security problem, Simon?  We already have a code for the special
> case of TLS handshake failing: a code that encompasses every other
> reason why the connection wasn't made doesn't seem obviously risky to
> me (but I'm no security expert)..

The basic idea is to expose as little of cross-origin hosts as
possible, because otherwise your intranet can be mapped. That the
WebSocket API exposes more than XMLHttpRequest and other network
request APIs seems somewhat questionable already. Was that
intentional?


-- 
Anne — Opera Software
http://annevankesteren.nl/
http://www.opera.com/

Received on Wednesday, 23 May 2012 07:11:44 UTC