Hacker News

Well, that constructor by default sends all the headers you have for your own domain and auth you are entitled to. This is how all other APIs in browsers work due to security and privacy concerns.

If you call to other domains, then this problem is no different to what we had with CORS years ago.



> This is how all other APIs in browsers work due to security and privacy concerns

They're probably comparing it to the fetch and XHR APIs, which both allow custom headers.



