On Thu, Feb 5, 2015 at 1:27 PM, Florian Bösch <pya...@gmail.com> wrote:
> CORS is an adequate protocol to allow for additional headers, and websocket
> requests could be subjected to CORS (I'm not sure what the current client
> behavior is in that regard, but I'm guessing they enforce CORS on websocket
> requests as well).

I think you're missing something. A WebSocket request is subject to
the WebSocket protocol, which does not take the same precautions as
the Fetch protocol does used elsewhere in the platform. And therefore
we cannot provide this feature until the WebSocket protocol is fixed
to take the same precautions.


Reply via email to