[James_K]

Won't the browser still append the "Origin" field to WebSocket requests, allowing servers to reject them?

[bstsb]

yes, and that's exactly how discord's websocket communication checks work (allowing them to offer a non-scheme "open in app" from the website).

they also had some kind of RPC websocket system for game developers, but that appears to have been abandoned: https://discord.com/developers/docs/topics/rpc