IETF Logo Mail Archive

Re: [hybi] "Establish a WebSocket Connection" does not allow for cookies

Salvatore Loreto <salvatore.loreto@ericsson.com> Thu, 17 September 2015 12:54 UTC

Return-Path: <salvatore.loreto@ericsson.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 038DB1B2DE5 for <hybi@ietfa.amsl.com>; Thu, 17 Sep 2015 05:54:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id znVu60jgR2Xb for <hybi@ietfa.amsl.com>; Thu, 17 Sep 2015 05:54:53 -0700 (PDT)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 568471B2DEC for <hybi@ietf.org>; Thu, 17 Sep 2015 05:54:50 -0700 (PDT)
X-AuditID: c1b4fb2d-f79626d000004282-0e-55fab818fef0
Received: from ESESSHC020.ericsson.se (Unknown_Domain [153.88.253.124]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id 9B.B0.17026.818BAF55; Thu, 17 Sep 2015 14:54:48 +0200 (CEST)
Received: from ESESSMB109.ericsson.se ([169.254.9.178]) by ESESSHC020.ericsson.se ([153.88.183.78]) with mapi id 14.03.0248.002; Thu, 17 Sep 2015 14:54:47 +0200
From: Salvatore Loreto <salvatore.loreto@ericsson.com>
To: Anne van Kesteren <annevk@annevk.nl>, Julian Reschke <julian.reschke@gmx.de>
Thread-Topic: [hybi] "Establish a WebSocket Connection" does not allow for cookies
Thread-Index: AQHQ5//cXjpSR1mS+kyyBSl2Pt2hRZ4uGl2AgAFg/ACAEUSLQA==
Date: Thu, 17 Sep 2015 12:54:47 +0000
Message-ID: <2B9B48179856DC4FA00C93C79EB7E64A0E965F03@ESESSMB109.ericsson.se>
References: <CADnb78iWYqqG1t+bYRtMvFifJru06JXb0=KQgfunRrXt-+8E8w@mail.gmail.com> <55EB2FBF.4080602@gmx.de> <CADnb78hy8zG_PuOY9X0wtyJLqOH=D8BHyTnqjgwXtze3UmG9ZA@mail.gmail.com>
In-Reply-To: <CADnb78hy8zG_PuOY9X0wtyJLqOH=D8BHyTnqjgwXtze3UmG9ZA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.146]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrGLMWRmVeSWpSXmKPExsUyM+Jvja7Ejl+hBj8PKlsc+aZm8f7lNiaL zQ/fsDowe1y73sHs8eFjnMeSJT+ZApijuGxSUnMyy1KL9O0SuDLmT7jFUtDHW9H04SRzA+NZ ri5GTg4JAROJviUXGSFsMYkL99azdTFycQgJHGWUOHD6OhOEs4RR4tT7H0wgVWwCZhLPH25h BrFFBIIkZj3eDRZnFlCWuHpsBQuILSwQLPFw3nwWiJoQiTP3jrNC2E4S11d3sYPYLAKqEld3 rmMDsXkFfCUOLz7PCrFsM6NEx7//QCdxcHAKBEosup8IUsMIdN33U2ugdolL3HoynwniagGJ JXvOM0PYohIvH/9jhbCVJH5suMQCUa8jsWD3JzYIW1ti2cLXzBB7BSVOznzCMoFRbBaSsbOQ tMxC0jILScsCRpZVjKLFqcXFuelGxnqpRZnJxcX5eXp5qSWbGIERdXDLb90djKtfOx5iFOBg VOLhfRD2K1SINbGsuDL3EKM0B4uSOG8L04NQIYH0xJLU7NTUgtSi+KLSnNTiQ4xMHJxSDYxd UfmyC35GdlWwKKhtmyIh8TVy3cvPldoNM6Z4VhtUzq2eqOYd1WcouC/8ydGUozNaHXhf7/2/ vqdWJYd5+4VpT4+2bXzmPnFBfs9085WZR2YknjE07nOccGhbbOWLvKI5X3VmrZRas/NDj23B hKxj268fuLfQviv//0wTIb5Eh4/z+s46bn+nxFKckWioxVxUnAgANQGowYkCAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/hybi/G-c03ZA3IoYreY7KjCbrQ3NgQtc>
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] "Establish a WebSocket Connection" does not allow for cookies
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hybi/>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Sep 2015 12:54:55 -0000

Not completely sure, but maybe we can worn on an Errata to clarify this

br
Salvatore

-----Original Message-----
From: hybi [mailto:hybi-bounces@ietf.org] On Behalf Of Anne van Kesteren
Sent: den 6 september 2015 17:12
To: Julian Reschke
Cc: hybi@ietf.org
Subject: Re: [hybi] "Establish a WebSocket Connection" does not allow for cookies

On Sat, Sep 5, 2015 at 8:09 PM, Julian Reschke <julian.reschke@gmx.de> wrote:
> On 2015-09-05 19:25, Anne van Kesteren wrote:
>> After the tenth protocol draft this algorithm broke a hook the API 
>> standard was using and those authoring the WebSocket API were never 
>> notified.
>>
>> See https://www.w3.org/Bugs/Public/show_bug.cgi?id=27869 for details.
>>
>> How do you suggest this gets fixed?
>
> The subject line is misleading.

It's the name of the algorithm defined in the RFC that takes a set number of arguments of which headers and/or cookies are not an acceptable argument.


> <https://tools.ietf.org/html/rfc6455#section-4.1>, item 12 in the 
> second list is:
>
>>    12.  The request MAY include any other header fields, for example,
>>         cookies [RFC6265] and/or authentication-related header fields
>>         such as the |Authorization| header field [RFC2616], which are
>>         processed according to documents that define them.

This step cannot be influenced from the API. The "request" is constructed by this algorithm and the influence the API has over it is carefully defined.


--
https://annevankesteren.nl/

_______________________________________________
hybi mailing list
hybi@ietf.org
https://www.ietf.org/mailman/listinfo/hybi

v2.23.0 | Report a Bug | By Email