IETF Logo Mail Archive

Re: [hybi] Are HTTP bodies allowed in Websocket client handshakes?

Andy Green <andy@warmcat.com> Wed, 01 November 2023 08:39 UTC

Return-Path: <andy@warmcat.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 003E1C15C284 for <hybi@ietfa.amsl.com>; Wed, 1 Nov 2023 01:39:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=warmcat.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FgXvNFeJwvOD for <hybi@ietfa.amsl.com>; Wed, 1 Nov 2023 01:39:47 -0700 (PDT)
Received: from mog.warmcat.com (mog.warmcat.com [178.170.10.5]) by ietfa.amsl.com (Postfix) with ESMTP id 2A413C1524B3 for <hybi@ietf.org>; Wed, 1 Nov 2023 01:39:46 -0700 (PDT)
Received: from mx.warmcat.com (host31-53-7-249.range31-53.btcentralplus.com [31.53.7.249]) by mog.warmcat.com (Postfix) with ESMTPSA id 82D20135BEE; Wed, 1 Nov 2023 08:39:45 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 mog.warmcat.com 82D20135BEE
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=warmcat.com; s=default; t=1698827985; bh=zseaPU75lxFqF1FOXKZFueTolXqi5psnrm9QeiMkYzA=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=O53ltNqgSNJVd0WOpYskvi7vY+gsHho7NCiR12awfgMWW8Y5hQaJ/IopHEyr//Zq3 +8Xr/SrkDHzudwmXS2azSlEmzPczpcX/HSb16tDPA58H7MHJOCK0feZG7DyAxYh6g4 zSyDWs2wEATFgyXNNdNiZKInEC8AO3Kw8q3lnC5o=
Received: from [10.8.0.10] (unknown [10.8.0.10]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (Client did not present a certificate) by mx.warmcat.com (Postfix) with ESMTPSA id 39D1120E20; Wed, 1 Nov 2023 08:39:44 +0000 (UTC)
Message-ID: <f01028ea-ad7b-444d-877b-225441ce11f1@warmcat.com>
Date: Wed, 01 Nov 2023 08:39:43 +0000
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Philipp Serafin <phil127@gmail.com>
Cc: Emile Cormier <emile.cormier.jr@gmail.com>, Hybi <hybi@ietf.org>
References: <CAM70yxBLYpf9uG=z2eAmQhRQgPvzvMWDC+vBPYEnq=Cqw7+9Bg@mail.gmail.com> <c7c1bc46-4eff-4087-954d-c478de999a3b@warmcat.com> <CAMaigV=L2bii6Dr8qT8VRm7haQDc+sD-KZNrBMb0PYYYhX3zkQ@mail.gmail.com>
Content-Language: en-US
From: Andy Green <andy@warmcat.com>
In-Reply-To: <CAMaigV=L2bii6Dr8qT8VRm7haQDc+sD-KZNrBMb0PYYYhX3zkQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/hybi/WHsxyLdtxm-NMFiHYgIdbN83Owc>
Subject: Re: [hybi] Are HTTP bodies allowed in Websocket client handshakes?
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hybi/>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Nov 2023 08:39:53 -0000


On 11/1/23 08:16, Philipp Serafin wrote:

> Isn't the upgrade request still technically a  GET request? If so I'd 
> say this already prohibits the client from sending any body.

If it's written anywhere about the GET / UPGRADE relationship maybe so.

I took the question to be about how to deal with an UPGRADE with a body 
turning up if it's going to turn up, maliciously, legally or wrongly.

Not sure it's a big crisis but it does seem to have some space for 
making trouble not spelling it out what to do with it, (if it actually 
isn't spelt out somewhere else) Eg seeing such a thing, intermediaries 
that inspect the stream might be left in a state different than the 
endpoint, if they deal with it differently, eg it's data going out to a 
peer that an intermediary that's supposed to scan fails to look at etc.

I think for example lws will handle UPGRADE differently than other 
methods that might have a body and ignore it atm FWIW, if so it'll be 
treated as coalesced first ws content from the client or pipelined next 
transaction if unsuccessful on pipelined connection, that doesn't sound 
great from an intermediary smuggling pov if so.  It'd be better to hang 
up on any upgrades with bodies.

-Andy

> Andy Green <andy@warmcat.com <mailto:andy@warmcat.com>> schrieb am Mi., 
> 1. Nov. 2023, 08:26:
> 
> 
> 
>     On 10/31/23 22:22, Emile Cormier wrote:
>      > Hi,
>      >
>      > As per the subject, are HTTP bodies allowed in Websocket client
>      > handshakes? Should the server ignore them, or treat their
>     presence as a
>      > protocol error? Web searches don't bring up anything about this
>     question.
> 
>     At the time of the UPGRADE request, the connection is purely http
>     still,
>     so whatever you can send with UPGRADE and how to send it there is
>     defined outside of ws.
> 
>     https://datatracker.ietf.org/doc/html/rfc9110#name-upgrade
>     <https://datatracker.ietf.org/doc/html/rfc9110#name-upgrade>
> 
>     doesn't seem to talk about if you can send a body either, however it
>     does say
> 
>         A client cannot begin using an upgraded protocol on the connection
>         until it has completely sent the request message (i.e., the client
>         can't change the protocol it is sending in the middle of a message).
> 
>     "completely sent the request message" sounds like it would include any
>     pointless body that went out with the request message IIUI, implying
>     the
>     server should swallow the body before replying.  IOW "UPGRADE request"
>     includes any redundant body sent with it.
> 
>     In the case that the upgrade succeeds, data after the "UPGRADE request"
>     will switch to ws protocol.  The server will interpret any data after
>     the "UPGRADE request" as ws protocol data.
> 
>        - UPGRADE req no body -> server doesn't consume body -> OK
>        - UPGRADE req no body -> server consumes body -> OK
>        - UPGRADE req + body -> server doesn't consume body -> broken conn
>        - UPGRADE req no body -> server consumes body -> OK
> 
>     In the case the upgrade is denied, the connection remains in http.
>     There shouldn't be any leftover unconsumed body from the earlier failed
>     UPGRADE request to pipeline into as the next transaction, so again it
>     seems the server should eat any body with the upgrade request before
>     replying.
> 
>     At least, that's my understanding.
> 
>      > The RFC only uses the term "body" in relation to close, ping, and
>     pong
>      > frames
>     -Andy
> 
>      > Cheers,
>      > Emile Cormier
>      >
>      > _______________________________________________
>      > hybi mailing list
>      > hybi@ietf.org <mailto:hybi@ietf.org>
>      > https://www.ietf.org/mailman/listinfo/hybi
>     <https://www.ietf.org/mailman/listinfo/hybi>
> 
>     _______________________________________________
>     hybi mailing list
>     hybi@ietf.org <mailto:hybi@ietf.org>
>     https://www.ietf.org/mailman/listinfo/hybi
>     <https://www.ietf.org/mailman/listinfo/hybi>
>

v2.23.0 | Report a Bug | By Email