Well, that constructor by default sends all the headers you have for your own do... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

omgtehlion 10 months ago | parent | context | favorite | on: WebSockets vs. Server-Sent-Events vs. Long-Polling...

Well, that constructor by default sends all the headers you have for your own domain and auth you are entitled to. This is how all other APIs in browsers work due to security and privacy concerns.

If you call to other domains, then this problem is no different to what we had with CORS years ago.

apitman 10 months ago [–]

> This is how all other APIs in browsers work due to security and privacy concerns

They're probably comparing it to the fetch and XHR APIs, which both allow custom headers.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact