- From: Florian Bösch <pyalot@gmail.com>
- Date: Thu, 5 Feb 2015 14:23:36 +0100
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Michiel De Mey <de.mey.michiel@gmail.com>, WebApps WG <public-webapps@w3.org>
Received on Thursday, 5 February 2015 13:24:05 UTC
Well, 1) Clients do apply CORS to WebSocket requests already (and might've started doing so quite some time ago) and everything's fine and you don't need to change anything. 2) Clients do not apply CORS to WebSocket requests, and you're screwed, because any change you make will break existing deployments. Either way, this will result in no change made, so you can burry it right here. On Thu, Feb 5, 2015 at 2:12 PM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Thu, Feb 5, 2015 at 1:27 PM, Florian Bösch <pyalot@gmail.com> wrote: > > CORS is an adequate protocol to allow for additional headers, and > websocket > > requests could be subjected to CORS (I'm not sure what the current client > > behavior is in that regard, but I'm guessing they enforce CORS on > websocket > > requests as well). > > I think you're missing something. A WebSocket request is subject to > the WebSocket protocol, which does not take the same precautions as > the Fetch protocol does used elsewhere in the platform. And therefore > we cannot provide this feature until the WebSocket protocol is fixed > to take the same precautions. > > > -- > https://annevankesteren.nl/ >
Received on Thursday, 5 February 2015 13:24:05 UTC