On Thu, Feb 5, 2015 at 1:27 PM, Florian Bösch <pya...@gmail.com> wrote: > CORS is an adequate protocol to allow for additional headers, and websocket > requests could be subjected to CORS (I'm not sure what the current client > behavior is in that regard, but I'm guessing they enforce CORS on websocket > requests as well).
I think you're missing something. A WebSocket request is subject to the WebSocket protocol, which does not take the same precautions as the Fetch protocol does used elsewhere in the platform. And therefore we cannot provide this feature until the WebSocket protocol is fixed to take the same precautions. -- https://annevankesteren.nl/