Skip to content

Conform to protocol for identifying websockets handshake requests #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
astrieanna opened this issue Mar 21, 2013 · 3 comments
Open

Conform to protocol for identifying websockets handshake requests #8

astrieanna opened this issue Mar 21, 2013 · 3 comments
Labels
websockets

Comments

@astrieanna
Copy link
Member

From the websockets RFC:

  1. An Upgrade header field containing the value "websocket",
    treated as an ASCII case-insensitive value.
  2. A Connection header field that includes the token "Upgrade",
    treated as an ASCII case-insensitive value.
  3. A Sec-WebSocket-Key header field with a base64-encoded (see
    Section 4 of [RFC4648]) value that, when decoded, is 16 bytes in
    length.
  4. A Sec-WebSocket-Version header field, with a value of 13.

Currently, we look for an Upgrade header with the case-sensitive value "websocket".

If some but not all of the websockets properties hold, we should response with an appropriate error. Just not identifying non-complying requests as websockets handshakes should work out ok, but if it has any of the headers with "websocket" in the name or value (but does not follow all four), then I think we should response with an error at that point.

The Sec-Websocket-Key property can be determined by counting the total number of characters and the number of =-signs at the end of the value. 16 = 22 + 2=. (Meaning you don't actually have to decode it to figure out whether the length property holds.)
@astrieanna
Copy link
Member Author

More details about handling things based on headers:

/version/
The |Sec-WebSocket-Version| header field in the client's
handshake includes the version of the WebSocket Protocol with
which the client is attempting to communicate. If this
version does not match a version understood by the server, the
server MUST abort the WebSocket handshake described in this
section and instead send an appropriate HTTP error code (such
as 426 Upgrade Required) and a |Sec-WebSocket-Version| header
field indicating the version(s) the server is capable of
understanding.

If they set Sec-WebSocket-Version to something other than 13,
then we send a 426 response with a Sec-WebSocket-Version header set to 13.

This versioning is clearly coupled to the websockets stuff, not the HTTP handling stuff, so the test should be implemented in the websockets.jl file. (So this issue is mostly just me taking notes on the RFC). I think this means that the HTTP handling stuff should call a predicate from the websockets file/module rather than having it's own iswebsocketshandshake function.

@despeset despeset closed this as completed Apr 8, 2013
@astrieanna
Copy link
Member Author

@danielmendel Wait, when did we add the 426 response?

@despeset
Copy link
Member

despeset commented Apr 8, 2013

Whoops!

@despeset despeset reopened this Apr 8, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
websockets
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@despeset @astrieanna