Stop saying WebSocket auth is disallowed

Remove the warning that HTTP authentication is prohibited for WebSockets. See whatwg#565 for background.
ricea · Jun 8, 2018 · cf8b31e · cf8b31e
1 parent 2f3d04d
commit cf8b31e
Showing 1 changed file with 5 additions and 6 deletions.
diff --git a/fetch.bs b/fetch.bs
@@ -6301,12 +6301,11 @@ therefore not shareable, a WebSocket connection is very close to identical to an
 <p><dfn>Fail the WebSocket connection</dfn> and <dfn>the WebSocket connection is established</dfn>
 are defined by The WebSocket Protocol. [[!WSP]]
 
-<p class=warning>The reason redirects are not followed, HTTP authentication will not function, and
-this handshake is generally restricted is because that could introduce serious security problems in
-a web browser context. For example, consider a host with a WebSocket server at one path and an open
-HTTP redirector at another. Suddenly, any script that can be given a particular WebSocket URL can be
-tricked into communicating to (and potentially sharing secrets with) any host on the internet, even
-if the script checks that the URL has the right hostname.
+<p class=warning>The reason redirects are not followed is because it could introduce serious
+security problems in a web browser context. For example, consider a host with a WebSocket server at
+one path and an open HTTP redirector at another. Suddenly, any script that can be given a particular
+WebSocket URL can be tricked into communicating to (and potentially sharing secrets with) any host
+on the internet, even if the script checks that the URL has the right hostname.
 <!-- https://www.ietf.org/mail-archive/web/hybi/current/msg06951.html -->