* Anne van Kesteren wrote: >On Thu, Feb 5, 2015 at 1:27 PM, Florian Bösch <pya...@gmail.com> wrote: >> CORS is an adequate protocol to allow for additional headers, and websocket >> requests could be subjected to CORS (I'm not sure what the current client >> behavior is in that regard, but I'm guessing they enforce CORS on websocket >> requests as well). > >I think you're missing something. A WebSocket request is subject to >the WebSocket protocol, which does not take the same precautions as >the Fetch protocol does used elsewhere in the platform. And therefore >we cannot provide this feature until the WebSocket protocol is fixed >to take the same precautions.
It seems to me that "pre-flight" requests would happen prior to opening a Websocket connection, i.e. before requirements of the Websocket proto- col apply, so this would have to be covered by the API specification in- stead. I do not really see why the Websocket on-the-wire protocol would have to be changed here. -- Björn Höhrmann · mailto:bjo...@hoehrmann.de · http://bjoern.hoehrmann.de D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de Available for hire in Berlin (early 2015) · http://www.websitedev.de/