W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2015

Re: Allow custom headers (Websocket API)

From: Florian Bösch <pyalot@gmail.com>
Date: Thu, 5 Feb 2015 13:18:03 +0100
Message-ID: <CAOK8ODh+y-m-N1vKzcboc+e98XnGC78iLezNO5EMhVxiD6JWBw@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Michiel De Mey <de.mey.michiel@gmail.com>, WebApps WG <public-webapps@w3.org>
On Thu, Feb 5, 2015 at 12:59 PM, Anne van Kesteren <annevk@annevk.nl> wrote:

> That is not sufficient to allow custom headers. Cross-origin (and
> WebSocket is nearly always cross-origin I think) custom headers
> require a preflight and opt-in on a per-header basis.
Access-Control-Allow-Headers is not a preflight request per header, it's
one preflight request for all custom headers.

CORS allows idempotent requests to be made without a preflight request. A
websocket setup is a GET request with the necessary headers for the
handshake set.

Please don't break websockets and HTTP as they're specified and implemented
today. Thank you.
Received on Thursday, 5 February 2015 12:18:30 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:27:25 UTC