All it says about CORS is the following

(Opening handshake section):


The |Origin| header field [RFC6454] is used to protect against unauthorized 
cross-origin use of a WebSocket server by scripts using the WebSocket API in a 
web browser.

On Thu, Feb 5, 2015 at 10:19 AM, Anne van Kesteren <ann...@annevk.nl>
wrote:

> On Thu, Feb 5, 2015 at 3:49 AM, Michiel De Mey <de.mey.mich...@gmail.com> 
> wrote:
>> I'd like to propose a new feature to enable browsers to send custom headers 
>> through the API.
>> The Websocket spec supports this, however the API does not expose this 
>> feature.
> Does the specification take similar precautions to CORS?
> -- 
> https://annevankesteren.nl/

Reply via email to