JLSEC-2026-614 WebSocket default Origin check ignores scheme and port in HTTP.jl
Description The default WebSocket Origin validator originalloweddefault only enforced the host component of the same-origin tuple. It never checked the Origin's scheme, and when the request Host header carried no explicit port the norm for default-port 80/443 servers, where browsers omit the port...