* Anne van Kesteren wrote:
>On Thu, Feb 5, 2015 at 1:27 PM, Florian Bösch <pya...@gmail.com> wrote:
>> CORS is an adequate protocol to allow for additional headers, and websocket
>> requests could be subjected to CORS (I'm not sure what the current client
>> behavior is in that regard, but I'm guessing they enforce CORS on websocket
>> requests as well).
>I think you're missing something. A WebSocket request is subject to
>the WebSocket protocol, which does not take the same precautions as
>the Fetch protocol does used elsewhere in the platform. And therefore
>we cannot provide this feature until the WebSocket protocol is fixed
>to take the same precautions.

It seems to me that "pre-flight" requests would happen prior to opening
a Websocket connection, i.e. before requirements of the Websocket proto-
col apply, so this would have to be covered by the API specification in-
stead. I do not really see why the Websocket on-the-wire protocol would
have to be changed here.
Björn Höhrmann · mailto:bjo...@hoehrmann.de · http://bjoern.hoehrmann.de
D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de
 Available for hire in Berlin (early 2015)  · http://www.websitedev.de/ 

Reply via email to