W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2015

Re: Allow custom headers (Websocket API)

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Thu, 05 Feb 2015 14:29:59 +0100
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Florian Bösch <pyalot@gmail.com>, Michiel De Mey <de.mey.michiel@gmail.com>, WebApps WG <public-webapps@w3.org>
Message-ID: <klr6da5errf1r8e2tg16m4ciioc8uhu3tb@hive.bjoern.hoehrmann.de>
* Anne van Kesteren wrote:
>On Thu, Feb 5, 2015 at 1:27 PM, Florian Bösch <pyalot@gmail.com> wrote:
>> CORS is an adequate protocol to allow for additional headers, and websocket
>> requests could be subjected to CORS (I'm not sure what the current client
>> behavior is in that regard, but I'm guessing they enforce CORS on websocket
>> requests as well).
>I think you're missing something. A WebSocket request is subject to
>the WebSocket protocol, which does not take the same precautions as
>the Fetch protocol does used elsewhere in the platform. And therefore
>we cannot provide this feature until the WebSocket protocol is fixed
>to take the same precautions.

It seems to me that "pre-flight" requests would happen prior to opening
a Websocket connection, i.e. before requirements of the Websocket proto-
col apply, so this would have to be covered by the API specification in-
stead. I do not really see why the Websocket on-the-wire protocol would
have to be changed here.
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de
 Available for hire in Berlin (early 2015)  · http://www.websitedev.de/ 
Received on Thursday, 5 February 2015 13:30:30 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:27:25 UTC