Hacker News new | past | comments | ask | show | jobs | submit login

I don't see the point of websockets, why not just let the browser make normal outbound TCP connections?



I think the main points WebSocket vs. unrestricted TCP sockets is:

1. Support for a browser-appropriate security model (origin-based)

2. Not requiring extra work to pass through HTTP-friendly (and everything-else-hostile) firewalls.


I assume you would apply the same origin policy to the connections.

The firewall point is good, although I don't understand why you would want to block general TCP connections but not websock.


A lot of corporate environments prevent you from connecting to anything but port 80 and 443. Websockets is the only way for you to multiplex your tcp-like connections over port 80.


Right, but I assume they block those other ports for a reason. What is different about websocket that makes that reason no longer apply?


Because: we want a message-based protocol, and we want to make it (comparatively) hard to launch a DDOS attack using visitors to a website.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: