In this HyBi thread: http://www.ietf.org/mail-archive/web/hybi/current/msg06951.html
Folks are arguing that the WebSocket protocol should support HTTP redirects during the handshake and that dealing with the security consequences of redirects should be dealt with at the API layer. If/when that occurs, we should update the API layer to deal with the security consequences of the WebSocket protocol following HTTP redirects, preferably by aborting any WebSocket connections that the server attempts to redirect. Adam
