All it says about CORS is the following

(Opening handshake section):

The |Origin| header field [RFC6454] is used to protect against unauthorized 
cross-origin use of a WebSocket server by scripts using the WebSocket API in a 
web browser.

On Thu, Feb 5, 2015 at 10:19 AM, Anne van Kesteren <>

> On Thu, Feb 5, 2015 at 3:49 AM, Michiel De Mey <> 
> wrote:
>> I'd like to propose a new feature to enable browsers to send custom headers 
>> through the API.
>> The Websocket spec supports this, however the API does not expose this 
>> feature.
> Does the specification take similar precautions to CORS?
> -- 

Reply via email to