All it says about CORS is the following (Opening handshake section):
The |Origin| header field [RFC6454] is used to protect against unauthorized cross-origin use of a WebSocket server by scripts using the WebSocket API in a web browser. On Thu, Feb 5, 2015 at 10:19 AM, Anne van Kesteren <ann...@annevk.nl> wrote: > On Thu, Feb 5, 2015 at 3:49 AM, Michiel De Mey <de.mey.mich...@gmail.com> > wrote: >> I'd like to propose a new feature to enable browsers to send custom headers >> through the API. >> The Websocket spec supports this, however the API does not expose this >> feature. > Does the specification take similar precautions to CORS? > -- > https://annevankesteren.nl/