Re: [hybi] Why HTTP Compliant
Greg Wilkins <gregw@webtide.com> Tue, 01 June 2010 15:05 UTC
Return-Path: <gregw@webtide.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 932903A6A2F for <hybi@core3.amsl.com>; Tue, 1 Jun 2010 08:05:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.122
X-Spam-Level: **
X-Spam-Status: No, score=2.122 tagged_above=-999 required=5 tests=[AWL=1.499, BAYES_50=0.001, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JfFGBZv3Mms8 for <hybi@core3.amsl.com>; Tue, 1 Jun 2010 08:05:12 -0700 (PDT)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by core3.amsl.com (Postfix) with ESMTP id 0FB443A63C9 for <hybi@ietf.org>; Tue, 1 Jun 2010 08:05:11 -0700 (PDT)
Received: by wyf23 with SMTP id 23so897243wyf.31 for <hybi@ietf.org>; Tue, 01 Jun 2010 08:04:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.227.143.66 with SMTP id t2mr5933262wbu.116.1275404695781; Tue, 01 Jun 2010 08:04:55 -0700 (PDT)
Received: by 10.216.52.9 with HTTP; Tue, 1 Jun 2010 08:04:55 -0700 (PDT)
In-Reply-To: <op.vdmg9uenidj3kv@simon-pieterss-macbook.local>
References: <AANLkTikzNjRse7cK8hl7eX0zWL3xP0xgbGTV8hz8RruH@mail.gmail.com> <op.vdmg9uenidj3kv@simon-pieterss-macbook.local>
Date: Tue, 01 Jun 2010 16:04:55 +0100
Message-ID: <AANLkTil1gofHSKy1laRnudnZePhuDnAP53OZrq_b-kR5@mail.gmail.com>
From: Greg Wilkins <gregw@webtide.com>
To: Simon Pieters <simonp@opera.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: hybi <hybi@ietf.org>
Subject: Re: [hybi] Why HTTP Compliant
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Jun 2010 15:05:13 -0000
Simon, I agree that there are parts of the spec that imply arbitrary headers are acceptable, but it also says: Fields in the handshake are sent by the client in a random order; the order is not meaningful. Additional fields are used to select options in the WebSocket protocol. The only options available in this version are the ... Ian has indicated that this means that the presence of other headers means that the handshake should fail. It would be really good if I have misunderstood what he has said about this, but at least some implementations of chromium do implement a ban on extra headers. But I can't tell you exactly what versions of the draft they implement (gee a ws version string or user-agent header would be really really useful!!!!!!) cheers On 1 June 2010 14:04, Simon Pieters <simonp@opera.com> wrote: > On Tue, 01 Jun 2010 13:39:23 +0200, Greg Wilkins <gregw@webtide.com> wrote: > >> Ian has frequently said that HTTP Compliance is just a desire for >> theoretical >> purity. >> >> But lack of HTTP compliance is causing me almost daily head aches with >> our websocket work. >> >> We are now supporting websocket in the cometd2 framework, and it is >> working with both >> -75 and -76 clients. >> >> However, we also sometimes use a cross origin access control filter >> that supports normal >> long polling to the same cometd server from different origins without >> the need for json callbacks >> etc. >> >> This filter follows the cross origin specification and sets the >> Access-Control-Allow-Origin >> on HTTP responses, which of course breaks the websocket handshake. >> >> So we now have to modify this filter to have >> >> if (!websocket) >> { >> ... >> } >> >> Easy enough to do, but the filter comes from a different project and and >> in a >> stable release. Luckily it is open source. So now while the fix is >> simple, >> i have to break encapsulation of websocket concerns and update another >> project (or copy/modify code). >> >> There are just going to be endless issues like this. >> >> The handshake should just ignore arbitrary unknown headers rather >> than breaking. >> >> This is NOT a theoretical issue. > > The client is required to ignore unknown headers in the handshake (at least > in -76, I don't know about -75): > > [[ > 41. ... handle each entry in the fields list as follows: > ... > ↪Any other name > Ignore it. > ]] > > -- > Simon Pieters > Opera Software >
- [hybi] Why HTTP Compliant Greg Wilkins
- Re: [hybi] Why HTTP Compliant Simon Pieters
- Re: [hybi] Why HTTP Compliant Greg Wilkins
- Re: [hybi] Why HTTP Compliant James Graham
- Re: [hybi] Why HTTP Compliant Wellington Fernando de Macedo
- Re: [hybi] Why HTTP Compliant Simon Pieters
- Re: [hybi] Why HTTP Compliant Simon Pieters
- Re: [hybi] Why HTTP Compliant Bruce Atherton