[Webkit-unassigned] [Bug 80362] WebSocket: Client does not support 401 Unauthorized response.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jul 28 06:40:05 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=80362
--- Comment #8 from Varunan <svarunan at gmail.com> ---
Alex,
Its a client side code so anyone can bypass XHR request with credentials and directly connect to websocket URL which is visible.
It should a single http request (hand shake) with Authorisation header added and upgrade to websocket on auth success.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170728/3f1ae4cb/attachment.html>
More information about the webkit-unassigned
mailing list