Let's say that I have my own customized web browser based on Java Chromium Embedded Framework (JCEF) and it internally runs a WebSocket server.
Now my web app, running on my CustomWebBrowser, can use websockets to connect with the internal WebSocket server.
However, I do not want any other websocket client (another browser or desktop app using websockets) to connect to my internal WebSocket server.
One of the ways of doing that is by following these steps:
Web app will send that secret to the internal WebSocket server during the handshake, something like this:
var ws = new WebSocket(myURL, protocols, mySecret);
The internal WebSocket server can verify the secret with the CustomBrowser which generated and sent the secret in Step 1.
If the secret is verified then the handshake is successfully completed, or else the websocket connection is rejected.
My question is: Is it possible to send any custom data during the websocket handshake?
Yes, the WebSocket handshake uses a normal-looking HTTP request/response, to which you can add arbitrary headers containing customized information.
WebSocket client/server libraries may not allow you to do that, though; but you can always embed information in the URL or protocol when initiating the connection from the client side.
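The two options the answer names (URL and protocol), sketched here as an added example that is not part of the original question or answer: the client places the secret in the query string or in a subprotocol entry, and the server checks it on the upgrade request before completing the handshake. The `token` parameter, the `auth.` prefix, the `app.v1` subprotocol and the sample secret are assumptions made for illustration.

```javascript
// Added example. "token", "auth." and "app.v1" are assumed names, not from the page.
const SAMPLE_SECRET = "3f9c2a7e5b1d4c68"; // constructed value; generate a fresh random one per launch

// Client: new WebSocket(url, protocols) has no third argument and cannot set
// custom headers, so the secret goes in the query string or a subprotocol entry.
function clientHandshakeParams(baseUrl, secret, via) {
  if (via === "url") {
    const u = new URL(baseUrl);
    u.searchParams.set("token", secret); // note: URLs tend to end up in logs
    return { url: u.toString(), protocols: ["app.v1"] };
  }
  // Subprotocol names must be HTTP tokens, so keep the secret hex or base64url.
  return { url: baseUrl, protocols: ["app.v1", "auth." + secret] };
}
// In the page: const p = clientHandshakeParams(...); new WebSocket(p.url, p.protocols);

// Compare every character so timing does not reveal where a mismatch occurs.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Server: decide on the upgrade request before completing the handshake.
// requestTarget is the path from the request line; headers uses lowercase keys.
function verifyHandshake(requestTarget, headers, expected) {
  if (!expected) return { accept: false }; // never accept against an empty secret
  const offered = (headers["sec-websocket-protocol"] || "")
    .split(",").map((s) => s.trim()).filter(Boolean);
  const fromProto = offered.find((p) => p.startsWith("auth."));
  const fromUrl = new URL(requestTarget, "ws://localhost").searchParams.get("token");
  const presented = fromProto ? fromProto.slice("auth.".length) : fromUrl;
  if (typeof presented !== "string" || !constantTimeEqual(presented, expected)) {
    return { accept: false }; // reject: answer with an HTTP error, no upgrade
  }
  // Echo only the application subprotocol, never the secret-bearing entry.
  return { accept: true, protocol: offered.includes("app.v1") ? "app.v1" : undefined };
}
```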