[hybi] Client offers invalid WS protocols, what must the server do? 101???
Iñaki Baz Castillo <ibc@aliax.net> Sun, 28 August 2011 22:38 UTC
Return-Path: <ibc@aliax.net>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C8AD21F872A for <hybi@ietfa.amsl.com>; Sun, 28 Aug 2011 15:38:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.646
X-Spam-Level:
X-Spam-Status: No, score=-2.646 tagged_above=-999 required=5 tests=[AWL=0.031, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4P9UwUopWMKT for <hybi@ietfa.amsl.com>; Sun, 28 Aug 2011 15:38:34 -0700 (PDT)
Received: from mail-qw0-f44.google.com (mail-qw0-f44.google.com [209.85.216.44]) by ietfa.amsl.com (Postfix) with ESMTP id 8344B21F8713 for <hybi@ietf.org>; Sun, 28 Aug 2011 15:38:34 -0700 (PDT)
Received: by qwc23 with SMTP id 23so3521983qwc.31 for <hybi@ietf.org>; Sun, 28 Aug 2011 15:39:57 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.42.14 with SMTP id q14mr4946334qce.122.1314571196959; Sun, 28 Aug 2011 15:39:56 -0700 (PDT)
Received: by 10.229.219.141 with HTTP; Sun, 28 Aug 2011 15:39:56 -0700 (PDT)
Date: Mon, 29 Aug 2011 00:39:56 +0200
Message-ID: <CALiegfkC9dLOnLfSQApE9OjoSV1RXT7cTumZ6+yCR1tWo_cvmw@mail.gmail.com>
From: Iñaki Baz Castillo <ibc@aliax.net>
To: hybi@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Subject: [hybi] Client offers invalid WS protocols, what must the server do? 101???
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Aug 2011 22:38:35 -0000
Hi, the draft (12) says: /subprotocol/ Either a single value representing the subprotocol the server is ready to use or null. The value chosen MUST be derived from the client's handshake, specifically by selecting one of the values from the "Sec-WebSocket-Protocol" field that the server is willing to use for this connection (if any). If the client's handshake did not contain such a header field, or if the server does not agree to any of the client's requested subprotocols, the only acceptable value is null. The absence of such a field is equivalent to the null value (meaning that if the server does not wish to agree to one of the suggested subprotocols, it MUST NOT send back a |Sec-WebSocket-Protocol| header field in its response). So if the server just supports protocols "aaa" and "bbb" but the client offers "ccc" and "ddd", the above text states that the server must reply 101 without Sec-WebSocket-Protocol header. So then, *what* are the client and the server supposed to speak now?? If the client has ***explicitly*** offered protocols "ccc" and "ddd" and the server does not support them, the server should REJECT the WS handshake, sure, rather than sending a 101. IMHO "501 Not Implemented" could be a good HTTP response for this case. The WebSocket handshake (HTTP GET + 101) is a negotiation between client and server. If the negotiation fails, the WS GET request MUST be rejected rather than accepted. The current text seems to allow ugly JavaScript developers to set a random protocol string (just for funny) in the Websocket JS API for the function "connect(URL, protocols)". Please make it strict. Regards. -- Iñaki Baz Castillo <ibc@aliax.net>
- [hybi] Client offers invalid WS protocols, what m… Iñaki Baz Castillo
- Re: [hybi] Client offers invalid WS protocols, wh… Alexey Melnikov
- Re: [hybi] Client offers invalid WS protocols, wh… Alexey Melnikov
- Re: [hybi] Client offers invalid WS protocols, wh… Iñaki Baz Castillo
- Re: [hybi] Client offers invalid WS protocols, wh… Iñaki Baz Castillo
- Re: [hybi] Client offers invalid WS protocols, wh… Alexey Melnikov
- Re: [hybi] Client offers invalid WS protocols, wh… Iñaki Baz Castillo
- Re: [hybi] Client offers invalid WS protocols, wh… John Tamplin
- Re: [hybi] Client offers invalid WS protocols, wh… Alexey Melnikov
- Re: [hybi] Client offers invalid WS protocols, wh… Philipp Serafin
- Re: [hybi] Client offers invalid WS protocols, wh… Iñaki Baz Castillo
- Re: [hybi] Client offers invalid WS protocols, wh… Bruce Atherton
- Re: [hybi] Client offers invalid WS protocols, wh… Iñaki Baz Castillo
- Re: [hybi] Client offers invalid WS protocols, wh… Philipp Serafin
- Re: [hybi] Client offers invalid WS protocols, wh… Iñaki Baz Castillo
- Re: [hybi] Client offers invalid WS protocols, wh… John Tamplin
- Re: [hybi] Client offers invalid WS protocols, wh… Iñaki Baz Castillo
- Re: [hybi] Client offers invalid WS protocols, wh… Philipp Serafin
- Re: [hybi] Client offers invalid WS protocols, wh… John Tamplin
- Re: [hybi] Client offers invalid WS protocols, wh… Philipp Serafin
- Re: [hybi] Client offers invalid WS protocols, wh… Iñaki Baz Castillo
- Re: [hybi] Client offers invalid WS protocols, wh… Brian
- Re: [hybi] Client offers invalid WS protocols, wh… Joel Martin
- Re: [hybi] Client offers invalid WS protocols, wh… Brian
- Re: [hybi] Client offers invalid WS protocols, wh… Iñaki Baz Castillo
- Re: [hybi] Client offers invalid WS protocols, wh… Iñaki Baz Castillo