If you have websocket servers on your local network...
Maybe those aren't common, but it's very common to have something that looks just like one (speaks HTTP on port 80), which is called a web server. That might be embedded in your router or other device, or it may be a configuration interface for your POS, or it might be hiding in some other dark and unpatched corner that was formerly hidden behind a firewall. Of course it would be nice if the server simply doesn't respond (while writing alarms to the log) when it sees an Upgrade: websocket header, but can we be sure that all our hidden servers are so well-behaved?
The intention of the WebSocket protocol is that the handshake is sufficiently unlike HTTP that nobody could make a meaningful response to it by mistake.
As for non-meaningful responses, isn't this equivalent to using <img src="http://192.168.1.1/admin?action=evil"> to send an HTTP request? That's also not restricted by same-origin, and never has been and never will be. You get the same result -- you cause an HTTP request to be sent somewhere, and the response isn't useful to you nor are the contents of the response visible to you, but the request and its side effects still happen.
I'm not super well-versed in websocket design, so I'm happy to be convinced I'm wrong, but that's my understanding of why it works the way it does.