IETF Logo Mail Archive

Re: [hybi] Fwd: Web sockets and existing HTTP stacks

Greg Wilkins <gregw@webtide.com> Sat, 21 November 2009 00:26 UTC

Return-Path: <gregw@webtide.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E0F233A6829 for <hybi@core3.amsl.com>; Fri, 20 Nov 2009 16:26:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dSIOsWSzlnvv for <hybi@core3.amsl.com>; Fri, 20 Nov 2009 16:26:43 -0800 (PST)
Received: from mail-yw0-f183.google.com (mail-yw0-f183.google.com [209.85.211.183]) by core3.amsl.com (Postfix) with ESMTP id EF5003A6810 for <hybi@ietf.org>; Fri, 20 Nov 2009 16:26:42 -0800 (PST)
Received: by ywh13 with SMTP id 13so4452173ywh.29 for <hybi@ietf.org>; Fri, 20 Nov 2009 16:26:40 -0800 (PST)
Received: by 10.150.29.2 with SMTP id c2mr3773449ybc.311.1258763199810; Fri, 20 Nov 2009 16:26:39 -0800 (PST)
Received: from ?10.10.1.9? (60-242-119-126.tpgi.com.au [60.242.119.126]) by mx.google.com with ESMTPS id 15sm1039104gxk.12.2009.11.20.16.26.36 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 20 Nov 2009 16:26:38 -0800 (PST)
Message-ID: <4B0733B8.4080806@webtide.com>
Date: Sat, 21 Nov 2009 11:26:32 +1100
From: Greg Wilkins <gregw@webtide.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: hybi@ietf.org
References: <557ae280911171402v7546e5e7n93a1e57f87dc10e5@mail.gmail.com> <557ae280911200708l358293eeif999d8c1b8f6f5d8@mail.gmail.com> <20091120160423.GC20634@shareable.org>
In-Reply-To: <20091120160423.GC20634@shareable.org>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [hybi] Fwd: Web sockets and existing HTTP stacks
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Nov 2009 00:26:44 -0000

Jamie Lokier wrote:

> The main spec editor believes WebSocket should intentionally fail when
> encountering a proxy etc. and the web application should fall back to
> some other method in that case, or simply not support those cases.
> 
> Needless to say, several people take the opposite view, that it should
> work over general HTTP infrastructure, but as that would make the
> protocol more complicated and simplicity is also a goal, there is no
> consensus.

All,

As an example of the problems resulting from this spec, I had some
hassle implementing websocket support within the Jetty codebase.

When processing headers of a response, jetty mostly encodes them directly
into the output buffer as it iterates over them.  However a few headers
are held back until all the other headers have been processed as
the values of other headers might influence the values imposed on
transport headers.    For example, the lack of a content-length
header might mean that a "close" value needs to be added to the
"Connection" header.    Thus Jetty delays generation of the connection
header until all the other headers have been processed.

This means the for Jetty responses, the connection header is normally
one of the last headers generated.

Unfortunately this breaks the websocket specification, which insists
on the Connection header being immediately after the Upgrade header
and before the other WebSocket- headers

I thus have had to put a special purpose hack in place deep in the
HTTP generation code for jetty - to not delay Connection header handling
if the response looks like a websocket upgrade response.  Alternately
I could refactor the generator to do two passes over the headers, or
use a special purpose generator just for this response.

However, it is my expectation that such special purpose hacks or
refactoring of existing working code will result in far more breakage
and security risks than any possible gain resulting from a strict
adherence to header ordering.

Existing HTTP code allows great flexibility in handling of headers
and most code will be written with this assumption.

Is there any consensus at all that strict header equivalence is
a reasonable thing for this specification to have and is worth
breaking the vast majority of existing HTTP code?

regards

v2.23.0 | Report a Bug | By Email