Open wallisch opened 7 years ago
I'm having the same issue as well. If you have a websocket at wss://test.com SocketRocket is setting the origin header of the connect request to https://test.com which my server rejects because of CORS. SocketRocket shouldn't be defaulting this header in the requests
@wallisch @steviemo could either of you please share how/where to disable this setting in the socket rocket library? I'm having trouble finding where this property is set and also running into a 1008 invalid origin error.
thank you!
I've come across a Websocket server designed to only handle requests from native applications (not web browsers). Therefore, it does not perform origin checks via
origin
header. According to the RFC 6455 Section 1.6, theorigin
header field is only useful when coming from web browsers, as a library as SocketRocket can always set its own headers. The problem is, that, by default, SocketRocket sets the servers address asorigin
, causing my connection to be refused (1008 invalid origin). Of course i can set a custom value, but the connection always gets rejected when supplying theorigin
header, content does not matter, because i can not choose to NOT send the header.According to RFC 6455 Section 4.1.8, the
origin
header field is only mandatory when the request comes from a web browser, and MAY be included if coming from a native application.At the moment, i manually disabled its insertion in the library, but it would be great if we could choose not to send the
origin
header in some cases. In fact, why does it even get set by default? It is not mandatory if the client is not a web browser and if someone needs it, it can always be set by modifying theNSURLRequest.