
Commit 8b070f1

ricea authored and annevk committed
Stop saying HTTP authentication over WebSocket is disallowed
Closes #565. Follow-up: #766.
1 parent f342c74 commit 8b070f1

1 file changed

+6
-6
lines changed


fetch.bs

@@ -6307,12 +6307,12 @@ therefore not shareable, a WebSocket connection is very close to identical to an
63076307
<p><dfn>Fail the WebSocket connection</dfn> and <dfn>the WebSocket connection is established</dfn>
63086308
are defined by The WebSocket Protocol. [[!WSP]]
63096309

6310-
<p class=warning>The reason redirects are not followed, HTTP authentication will not function, and
6311-
this handshake is generally restricted is because that could introduce serious security problems in
6312-
a web browser context. For example, consider a host with a WebSocket server at one path and an open
6313-
HTTP redirector at another. Suddenly, any script that can be given a particular WebSocket URL can be
6314-
tricked into communicating to (and potentially sharing secrets with) any host on the internet, even
6315-
if the script checks that the URL has the right hostname.
6310+
<p class=warning>The reason redirects are not followed and this handshake is generally restricted is
6311+
because it could introduce serious security problems in a web browser context. For example, consider
6312+
a host with a WebSocket server at one path and an open HTTP redirector at another. Suddenly, any
6313+
script that can be given a particular WebSocket URL can be tricked into communicating to (and
6314+
potentially sharing secrets with) any host on the internet, even if the script checks that the URL
6315+
has the right hostname.
63166316
<!-- https://www.ietf.org/mail-archive/web/hybi/current/msg06951.html -->
63176317

63186318

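Review bot: The warning paragraph now drops the statement that "HTTP authentication will not function", but nothing in this hunk replaces it with a positive statement of how the WebSocket handshake handles HTTP authentication, so a reader of the spec text loses the information entirely rather than getting the corrected version. Since the commit message defers that to a follow-up (#766), consider adding an issue reference alongside the existing `<!-- https://www.ietf.org/mail-archive/web/hybi/current/msg06951.html -->` comment, or a brief note in the surrounding algorithm text, so that the redirect restriction and the authentication behaviour are not conflated. The remaining rationale (an open HTTP redirector on the same host letting a script talk to an arbitrary host despite a hostname check) supports only the redirect restriction, which reads correctly after this change.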