Re: [hybi] Concerns about Origin
John Tamplin <jat@google.com> Mon, 22 November 2010 16:58 UTC
From: John Tamplin <jat@google.com>
Date: Mon, 22 Nov 2010 11:58:36 -0500
Message-ID: <AANLkTi=qKiqcKPf3hcOzD5QfWvU-6ncfhMO6hwyV9sxM@mail.gmail.com>
To: Simon Pieters <simonp@opera.com>
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] Concerns about Origin

On Mon, Nov 22, 2010 at 11:38 AM, Simon Pieters <simonp@opera.com> wrote:
>> APIs for server apps should have a hook to the handshake event, so
>> that apps can participate in the handshake. Apps have an opportunity
>> here to check Origin, set cookies, etc. per connection.
>
> pywebsocket allows apps to do extra checks in the handshake, but I'd like to
> take a step further and make the origin choice a required step for the app
> writer.

I would prefer the default behavior of the server to be that the origin
has to match exactly, but that the app can override it, or when the app
is registered with the server it gives a list of acceptable Origins.

--
John A. Tamplin
Software Engineer (GWT), Google
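
A sketch of the handshake policy proposed in this message, as an added example that is not code from the thread or from pywebsocket. The names `OriginPolicy`, `normalize_origin`, `allowed_origins` and `override` are hypothetical, and two points are assumptions: "match exactly" is read as equality with the origin the server itself was reached at (scheme plus `Host` header), and a missing or malformed `Origin` is rejected by default.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_origin(value):
    """Canonical 'scheme://host[:port]' for an Origin value, or None if it is not one."""
    try:
        parts = urlsplit((value or "").strip())
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # covers "null", an empty header and non-web schemes
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None  # an origin carries no userinfo, path, query or fragment
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    if port is None or port == DEFAULT_PORTS[parts.scheme]:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"

class OriginPolicy:
    """Default: exact same-origin match. Apps may register a list or an override hook."""

    def __init__(self, allowed_origins=None, override=None):
        self.override = override  # callable(normalized origin or None) -> bool
        self.allowed = None
        if allowed_origins is not None:
            self.allowed = {normalize_origin(o) for o in allowed_origins}
            if None in self.allowed:
                raise ValueError("allowed_origins entries must be scheme://host[:port]")

    def accepts(self, origin_header, host_header, secure):
        """Decide during the handshake, before the connection is upgraded."""
        origin = normalize_origin(origin_header)
        if self.override is not None:
            return bool(self.override(origin))  # the app takes full responsibility
        if origin is None:
            return False  # assumed default: no usable Origin, no connection
        if self.allowed is not None:
            return origin in self.allowed  # set membership, never prefix/suffix tests
        scheme = "https" if secure else "http"
        return origin == normalize_origin(f"{scheme}://{host_header}")
```

Comparing normalized origins for equality is what keeps look-alike values such as `https://chat.example.com.evil.test` from passing, which a substring or prefix comparison would let through.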