IETF Logo Mail Archive

Re: [hybi] WebSocket feedback

Vladimir Katardjiev <vladimir@d2dx.com> Thu, 04 March 2010 08:22 UTC

Return-Path: <vladimir@d2dx.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3C0A43A7D53 for <hybi@core3.amsl.com>; Thu, 4 Mar 2010 00:22:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Flk0QaAiM-tU for <hybi@core3.amsl.com>; Thu, 4 Mar 2010 00:22:54 -0800 (PST)
Received: from homiemail-a38.g.dreamhost.com (caiajhbdccah.dreamhost.com [208.97.132.207]) by core3.amsl.com (Postfix) with ESMTP id B83A93A7C0A for <hybi@ietf.org>; Thu, 4 Mar 2010 00:22:54 -0800 (PST)
Received: from dhcp122.verkstad.net (dhcp122.verkstad.net [192.36.157.122]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by homiemail-a38.g.dreamhost.com (Postfix) with ESMTP id 82365D4E68 for <hybi@ietf.org>; Thu, 4 Mar 2010 00:22:55 -0800 (PST)
From: Vladimir Katardjiev <vladimir@d2dx.com>
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: multipart/signed; boundary="Apple-Mail-2--526521256"; protocol="application/pkcs7-signature"; micalg="sha1"
Date: Thu, 04 Mar 2010 09:22:50 +0100
In-Reply-To: <4B8F6056.8060809@webtide.com>
To: Hybi <hybi@ietf.org>
References: <8B0A9FCBB9832F43971E38010638454F032E566DDF@SISPE7MB1.commscope.com> <Pine.LNX.4.64.1002150605580.29686@ps20323.dreamhostps.com> <4B8F6056.8060809@webtide.com>
Message-Id: <CE4EF44A-6C8F-43BC-ABF4-777C1149A16F@d2dx.com>
X-Mailer: Apple Mail (2.1077)
Subject: Re: [hybi] WebSocket feedback
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Mar 2010 08:22:56 -0000

I like this update, especially that the handshake is human-readable in the spec now. Caveat that I haven't implemented it yet so I guess proper feedback comes then.

On 4 mar 2010, at 08.25, Greg Wilkins wrote:
> 
> If the handshake messages are to contain content, then they
> MUST have headers to indicate the content length to be legal
> HTTP: in this case, a Content-Length header would be appropriate

I interpret the "content" to not relate to the HTTP handshake, but belong to the WebSocket stream. To quote:

"I've moved some of the handshake to the WebSocket 
_connection_, after the headers." (emphasis mine)

Besides, a GET request can't have a body, so it's pretty much intended to break. However, if you instead view the sequence as WS Upgrade -> client sent body -> server sent reply it is perfectly valid.

> Considering that we are already shipping products with
> websocket implementations from the existing draft, can we
> specify a transition to the new handshake in an appendix.
> 
> Ie while the standard is under development connections without
> websocket keys MAY be accepted, but implementation SHOULD warn
> that support for such connections is deprecated.

Actually, it's not enough to just drop the keys. The header names changed too so you'd need to read WebSocket-Location instead of Sec-WebSocket-Location, for example. It's almost as if we're at a new "version" now.
> 
> The text of 1.3, still kind of implies that the HTTP fields
> must be ordered as per the spec.  Can we add a sentence to say
> that header ordering may be different.

YMMV, but I don't see any such implication in the text.

Later on, the client handshake is explicitly asked to send the headers in a _random_ order (although _any_ order should do fine?) so there should be no confusion on that point.
> 
> Also I'm not sure this sentence is really that clear:
> 
> "Additional fields are used to select options in the WebSocket
>   protocol.  The only option available in this version is the
>   subprotocol selector, |Sec-WebSocket-Protocol|:"
> 
> I thought we were going to allow arbitrary extra headers,
> but that their interpretation was not defined by the ws spec
> other than the optional Sec-WebSocket-Protocol.    We still
> need to allow headers for cookies, authentication etc.

Yes. Client handshake step 15 explicitly adds those cookies. This part I guess is intended for things that can be modified directly using the API. The "arbitrary" extra headers permitted thus far are only things added by the browser implicitly. 

Vladimir

v2.23.0 | Report a Bug | By Email