The sockjs code embedded in meteor-sockjs was lifted from 0.3.4 which is now seven years old (from 2012).
It is statically imported and therefore used even when native websockets are available.
There are bugs like this one that flood my apm (monti) error logs with thousands upon thousands of client-side errors.
Sockjs also comes with a lot of handshaking of its own through http calls to /sockjs routes and that worries me from a security perspective. Are these documented?
So I was wondering if there is any reasonable way to NOT load sockjs and all its mechanics and instead just use native webhooks given that modern browsers seem to support them across the board?