W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2015

Re: Allow custom headers (Websocket API)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 5 Feb 2015 14:12:12 +0100
Message-ID: <CADnb78jicLKKxWh9yaKG2NxepUYxubjGePqwi3LS7hPFD6BoMQ@mail.gmail.com>
To: Florian Bösch <pyalot@gmail.com>
Cc: Michiel De Mey <de.mey.michiel@gmail.com>, WebApps WG <public-webapps@w3.org>
On Thu, Feb 5, 2015 at 1:27 PM, Florian Bösch <pyalot@gmail.com> wrote:
> CORS is an adequate protocol to allow for additional headers, and websocket
> requests could be subjected to CORS (I'm not sure what the current client
> behavior is in that regard, but I'm guessing they enforce CORS on websocket
> requests as well).

I think you're missing something. A WebSocket request is subject to
the WebSocket protocol, which does not take the same precautions as
the Fetch protocol does used elsewhere in the platform. And therefore
we cannot provide this feature until the WebSocket protocol is fixed
to take the same precautions.

Received on Thursday, 5 February 2015 13:12:36 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:43 UTC