Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
afiori
4 months ago
|
parent
|
context
|
favorite
| on:
A proposal to restrict sites from accessing a user...
A WebSocket starts as a normal http request, so it is subject to cors if the initial request was (eg if it was a post)
hnav
4 months ago
|
next
[–]
websockets aren't subject to CORS, they send the initiating webpage in the Origin header but the server has to decide whether that's allowed.
odo1242
4 months ago
|
prev
[–]
Unfortunately, the initial WebSocket HTTP request is defined to always be a GET request.
Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
