- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Thu, 05 Feb 2015 15:09:08 +0100
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Florian Bösch <pyalot@gmail.com>, Michiel De Mey <de.mey.michiel@gmail.com>, WebApps WG <public-webapps@w3.org>
* Anne van Kesteren wrote: >On Thu, Feb 5, 2015 at 2:48 PM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote: >> A Websocket connection is established by making a HTTP Upgrade request, >> and the protocol is HTTP unless and until the connection is upgraded. > >Sure, but the server can get away with supporting a very limited >subset of HTTP, no? Anyway, perhaps a combination of a CORS preflight >followed by the HTTP Upgrade that then includes the headers is the >answer, would probably be best to ask some WebSocket library >developers what they think. I think that is the most obvious solution, yes. And no, I do not think you can support less HTTP for Websockets than what you need for minimal web servers (but a minimal web server does not do much beyond message parsing, you also do not need much more to support Websockets); either way, this should not be a problem because you can already reference any Websocket endpoint with <img> and XMLHttpRequest and whatever else, so it's unlikely there are notable risks there. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de Available for hire in Berlin (early 2015) · http://www.websitedev.de/
Received on Thursday, 5 February 2015 14:09:40 UTC