Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Won't the browser still append the "Origin" field to WebSocket requests, allowing servers to reject them?


yes, and that's exactly how discord's websocket communication checks work (allowing them to offer a non-scheme "open in app" from the website).

they also had some kind of RPC websocket system for game developers, but that appears to have been abandoned: https://discord.com/developers/docs/topics/rpc




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: