IETF Logo Mail Archive

Re: [hybi] Additional HTTP headers on upgrade request?

Willy Tarreau <w@1wt.eu> Wed, 21 July 2010 05:25 UTC

Return-Path: <w@1wt.eu>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 712B53A69F8 for <hybi@core3.amsl.com>; Tue, 20 Jul 2010 22:25:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.79
X-Spam-Level:
X-Spam-Status: No, score=-3.79 tagged_above=-999 required=5 tests=[AWL=-1.747, BAYES_00=-2.599, HELO_IS_SMALL6=0.556]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ly5BZP2Q3aIE for <hybi@core3.amsl.com>; Tue, 20 Jul 2010 22:25:02 -0700 (PDT)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by core3.amsl.com (Postfix) with ESMTP id 1B30E3A68A3 for <hybi@ietf.org>; Tue, 20 Jul 2010 22:25:01 -0700 (PDT)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id o6L5PHdf030305; Wed, 21 Jul 2010 07:25:17 +0200
Date: Wed, 21 Jul 2010 07:25:17 +0200
From: Willy Tarreau <w@1wt.eu>
To: Greg Wilkins <gregw@webtide.com>
Message-ID: <20100721052517.GI26999@1wt.eu>
References: <n2s188fcbce1005071111kd19e6f41m861eaeb593d88475@mail.gmail.com> <4BE5994E.4010701@webtide.com> <u2n188fcbce1005092125veaf94306u249a225bdd3925ca@mail.gmail.com> <B8058102-9589-4663-976D-217B939667DD@apple.com> <Pine.LNX.4.64.1007210038520.7242@ps20323.dreamhostps.com> <AANLkTinGz6pUxxMMohgQJQIWY3YWLKhO2K5YtAR8Hf39@mail.gmail.com> <AANLkTinNG2fHAQaZdEfuQeN2pEVNQRNSCP1AwDpinFm0@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <AANLkTinNG2fHAQaZdEfuQeN2pEVNQRNSCP1AwDpinFm0@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
Cc: hybi@ietf.org
Subject: Re: [hybi] Additional HTTP headers on upgrade request?
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jul 2010 05:25:03 -0000

On Wed, Jul 21, 2010 at 11:49:27AM +1000, Greg Wilkins wrote:
> I'll try writing that again in fully formed English sentences this time
> (sorry too much in a rush):
> 
> 
> Ian,
> 
> it is a little disingenuous of you to fall back on the "what's the use
> case?" stone wall
> on topics like this that have been long discussed and people have given many
> use
> cases at length.   You might not understand and/or agree with the use cases
> presented,
> but that is entirely different to pretending that others have not motivated
> their contributions
> to the discussion with good reasoning.
> 
> The result of continually asking "what is the use-case" when it has already
> been explained
> many times, is that the list just goes around and around in endless circles.
> 
> In this particular case, it has been long argued that arbitrary headers
> should be allowed in
> the handshake for flexibility and anticipation of future needs.   You've
> refuted the need for
> generally extensible header.  Now  Doug motivated his comment with the
> specific
> use-case of using user-agent for dealing with browser quirks.

And I see a very important one concerning cookies. Cookies are important
to the server but also to the infrastructure. They're used a lot to
enable "persistence" or "stickiness", depending how it's called. They
make it possible for server-side load balancers to direct the users's
connection to the same server he was on previous connection. This is
of particular importance here because most often we'll need the WS
connection to reach the same server as the one which initiated a local
context. And for this it is important to be able to match reliable
content in the request. This is normally performed using cookies that
are assigned by either the server, the load balancer or sometimes even
some JS on the client.

This is one more reason to support standard headers with standard HTTP
in the handshake.

> Let's flip this around the otherway... because allowing arbitrary headers is
> not really
> a feature to be added to  websocket  because before the upgrade the
> connection
> is HTTP and thus arbitrary headers are by default allowed.
> 
> In essence, you are trying to add a "feature" to the websocket handshake to
> prevent
> the addition of arbitrary headers.
> 
> So what is the use-case for that?  I know you have previously argued that
> somehow it
> would be easier for amateurs not to have to write code to ignore headers
> (surely they
> just don't write code to handle them?), but the amateur programmer
> requirement has been
> widely rejected.     Is there any other use-case that motivates the
> rejection of websocket
> handshakes due to the presence of additional ignorable headers?

Indeed, why break something which works well, is well understood, well
mastered and well debugged ?

Willy

v2.23.0 | Report a Bug | By Email