From cf8b31e09f6517471cff983bf0bdaba36bd68938 Mon Sep 17 00:00:00 2001 From: Adam Rice Date: Fri, 8 Jun 2018 23:48:41 +0900 Subject: [PATCH] Stop saying WebSocket auth is disallowed Remove the warning that HTTP authentication is prohibited for WebSockets. See #565 for background. --- fetch.bs | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/fetch.bs b/fetch.bs index 9468109d0..29de1749b 100644 --- a/fetch.bs +++ b/fetch.bs @@ -6301,12 +6301,11 @@ therefore not shareable, a WebSocket connection is very close to identical to an

Fail the WebSocket connection and the WebSocket connection is established are defined by The WebSocket Protocol. [[!WSP]] -

The reason redirects are not followed, HTTP authentication will not function, and -this handshake is generally restricted is because that could introduce serious security problems in -a web browser context. For example, consider a host with a WebSocket server at one path and an open -HTTP redirector at another. Suddenly, any script that can be given a particular WebSocket URL can be -tricked into communicating to (and potentially sharing secrets with) any host on the internet, even -if the script checks that the URL has the right hostname. +

The reason redirects are not followed is because it could introduce serious +security problems in a web browser context. For example, consider a host with a WebSocket server at +one path and an open HTTP redirector at another. Suddenly, any script that can be given a particular +WebSocket URL can be tricked into communicating to (and potentially sharing secrets with) any host +on the internet, even if the script checks that the URL has the right hostname.
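Review bot: the hunk removes more than the commit message describes: besides dropping "HTTP authentication will not function", it also drops "this handshake is generally restricted" from the subject of the sentence, so the rewritten paragraph now justifies only the no-redirect rule and no longer explains why the remaining handshake restrictions exist. If that second removal is intended, state it in the commit message; otherwise keep the subject as "The reason redirects are not followed and this handshake is generally restricted is that ...". While the sentence is being touched, "The reason ... is because" is redundant; "The reason redirects are not followed is that it could introduce serious security problems" reads better and matches the rest of the spec's register.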