On 03/30/2011 12:12 AM, Jonas Sicking wrote:
But I'm totally fine with punting on this for the future and just
disallowing redirects on an API level for now.
Yes, I think this is the right thing to do at the moment.
On Tue, 2011-03-29 at 15:12 -0700, Jonas Sicking wrote:
I'm totally fine with punting on this for the future and just
disallowing redirects on an API level for now.
+1. It has proved hard enough to get an acceptably-secure WebSocket
interface on the bare minimum of features. Let's not introduce
In this HyBi thread:
http://www.ietf.org/mail-archive/web/hybi/current/msg06951.html
Folks are arguing that the WebSocket protocol should support HTTP
redirects during the handshake and that dealing with the security
consequences of redirects should be dealt with at the API layer.
If/when that
On Tue, Mar 29, 2011 at 10:34 AM, Adam Barth w...@adambarth.com wrote:
In this HyBi thread:
http://www.ietf.org/mail-archive/web/hybi/current/msg06951.html
Folks are arguing that the WebSocket protocol should support HTTP
redirects during the handshake and that dealing with the security