I’ve never yet seen a non-browser websocket tool that doesn’t accept an origin request (in addition I’ve not seen any non-browser tool able to use the cookies from the browser either), and if something did not support stated an origin then I don’t see how it would work with any websocket conforming server implementation? Though I’ve never heard of Cordova so I’m unsure of how popular it is or what it’s use is either, but I still doubt it pulls the cookie from the browser as it is?
Eh just listing security examples, I was conflating form post injections and all together, rushing too fast due to lack of time to type here. ^.^
And right you aren’t by the origin check, shooting someone in the foot is their own doing and entirely outside of standard operating setup, but disallowing a standards based storage method is highly irritating regardless and I’m still not seeing the point in it.
