Open wallisch opened 7 years ago
steviemo
commented
6 years ago I'm having the same issue as well. If you have a websocket at wss://test.com SocketRocket is setting the origin header of the connect request to https://test.com which my server rejects because of CORS. SocketRocket shouldn't be defaulting this header in the requests
eric-s321
commented
2 years ago @wallisch @steviemo could either of you please share how/where to disable this setting in the socket rocket library? I'm having trouble finding where this property is set and also running into a 1008 invalid origin error.
wallisch
commented
2 years ago eric-s321
commented
2 years ago thank you!
I've come across a Websocket server designed to only handle requests from native applications (not web browsers). Therefore, it does not perform origin checks via
originheader. According to the RFC 6455 Section 1.6, theoriginheader field is only useful when coming from web browsers, as a library as SocketRocket can always set its own headers. The problem is, that, by default, SocketRocket sets the servers address asorigin, causing my connection to be refused (1008 invalid origin). Of course i can set a custom value, but the connection always gets rejected when supplying theoriginheader, content does not matter, because i can not choose to NOT send the header.According to RFC 6455 Section 4.1.8, the
originheader field is only mandatory when the request comes from a web browser, and MAY be included if coming from a native application.At the moment, i manually disabled its insertion in the library, but it would be great if we could choose not to send the
originheader in some cases. In fact, why does it even get set by default? It is not mandatory if the client is not a web browser and if someone needs it, it can always be set by modifying theNSURLRequest.