1) Clients do apply CORS to WebSocket requests already (and might've
started doing so quite some time ago) and everything's fine and you don't
need to change anything.

2) Clients do not apply CORS to WebSocket requests, and you're screwed,
because any change you make will break existing deployments.

Either way, this will result in no change made, so you can burry it right

On Thu, Feb 5, 2015 at 2:12 PM, Anne van Kesteren <ann...@annevk.nl> wrote:

> On Thu, Feb 5, 2015 at 1:27 PM, Florian Bösch <pya...@gmail.com> wrote:
> > CORS is an adequate protocol to allow for additional headers, and
> websocket
> > requests could be subjected to CORS (I'm not sure what the current client
> > behavior is in that regard, but I'm guessing they enforce CORS on
> websocket
> > requests as well).
> I think you're missing something. A WebSocket request is subject to
> the WebSocket protocol, which does not take the same precautions as
> the Fetch protocol does used elsewhere in the platform. And therefore
> we cannot provide this feature until the WebSocket protocol is fixed
> to take the same precautions.
> --
> https://annevankesteren.nl/

Reply via email to