Luigi Pinca

A good alternative is the one proposed by @zoltan-mihalyi here https://github.com/websockets/ws/issues/377#issuecomment-420169849. Adding stuff to the `WebSocket` or `http.IncomingMessage` object should be user decision and not the default (return value of...

It is not currently deprecated, its use is discouraged. The difference is small but `verifyClient` is heavily used so it is not going away anytime soon.

In the same way it is done implicitly by `verifyClient`. See https://github.com/websockets/ws/blob/fa991731cca990f40ecedb120918d14d08129673/lib/websocket-server.js#L384-L406 This is why in my opinion with the usage suggested above the developer has more freedom. You can...

It is not strictly needed but it does not harm.

@crussell52 I prefer developers to write their own `abortHandshake()` helper if they have to. It's trivial to do.

> The current recommendation requires developers to do so even if they want the default abort behavior. No, they can just call `socket.destroy()` if they don't want to write a...

It was not designed to be a public API. It's too limiting and hard to use and I prefer to not change it to fit every possible use case. It...

@fungiboletus see https://github.com/websockets/ws/issues/377#issuecomment-537176176. In your example you are only using `res.writeHead()` without specifying any headers so you could do something like this: ```js const http = require('http'); const WebSocket =...

@jplymale-jt no, because in that case the `'upgrade'` listener is added internally.

> Is there some other way to prevent an upgrade if it is instantiated with an http `server`? I'm trying to prevent upgrade if the origin does not match (CORS)....