W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2015

Re: Allow custom headers (Websocket API)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 5 Feb 2015 13:22:09 +0100
Message-ID: <CADnb78h04nmovjNLZnM-h495gErF+8i==AsLb46oSHnMgp_Q0Q@mail.gmail.com>
To: Florian Bösch <pyalot@gmail.com>
Cc: Michiel De Mey <de.mey.michiel@gmail.com>, WebApps WG <public-webapps@w3.org>
On Thu, Feb 5, 2015 at 1:18 PM, Florian Bösch <pyalot@gmail.com> wrote:
> On Thu, Feb 5, 2015 at 12:59 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
>> That is not sufficient to allow custom headers. Cross-origin (and
>> WebSocket is nearly always cross-origin I think) custom headers
>> require a preflight and opt-in on a per-header basis.
> Access-Control-Allow-Headers is not a preflight request per header, it's one
> preflight request for all custom headers.

I was saying you need to opt in on a per-header basis. I did not say
each requires a distinct preflight.

> CORS allows idempotent requests to be made without a preflight request. A
> websocket setup is a GET request with the necessary headers for the
> handshake set.
> Please don't break websockets and HTTP as they're specified and implemented
> today. Thank you.

I'm not sure how this is relevant. We are discussing adding the
ability to the WebSocket API to set custom headers and whether the
current protocol is adequate for that.

Received on Thursday, 5 February 2015 12:22:36 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:43 UTC