I have an application that needs to communicate via WebSocket with two servers each in its own independent domain.
Is it possible to configure CORS to allow this dual and simultaneous communication?
I have an application that needs to communicate via WebSocket with two servers each in its own independent domain.
Is it possible to configure CORS to allow this dual and simultaneous communication?
Information about WebSockets and the same source policy are sparse (and conflicting ) , but it appears that they are not subject to this policy, and therefore can be used to communicate with other domains.
According to wikipedia , the WebSockets handshake protocol requires that is sent with a header with the request, and the server must then decide whether or not to accept a connection to that source. It also seems that there are differences between trying a connection using the Origin
protocol or the http(s)
protocol - and the use of one or the other has implications on application security (ie in the case of http at least, authentication cookies are sent).