Re: [hybi] "Establish a WebSocket Connection" does not allow for cookies

Takeshi Yoshino <tyoshino@google.com> Wed, 16 September 2015 08:20 UTC


On Mon, Sep 7, 2015 at 12:12 AM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Sat, Sep 5, 2015 at 8:09 PM, Julian Reschke <julian.reschke@gmx.de>
> wrote:
> > On 2015-09-05 19:25, Anne van Kesteren wrote:
> >> After the tenth protocol draft this algorithm broke a hook the API
> >> standard was using and those authoring the WebSocket API were never
> >> notified.
> >>
> >> See https://www.w3.org/Bugs/Public/show_bug.cgi?id=27869 for details.
> >>
> >> How do you suggest this gets fixed?
> >
> > The subject line is misleading.
>
> It's the name of the algorithm defined in the RFC that takes a set
> number of arguments of which headers and/or cookies are not an
> acceptable argument.
>
>
Yes, what to do is described in the step, but the identifier of the
algorithm is gone.


>
> > <https://tools.ietf.org/html/rfc6455#section-4.1>, item 12 in the second
> > list is:
> >
> >>    12.  The request MAY include any other header fields, for example,
> >>         cookies [RFC6265] and/or authentication-related header fields
> >>         such as the |Authorization| header field [RFC2616], which are
> >>         processed according to documents that define them.
>
> This step cannot be influenced from the API. The "request" is
> constructed by this algorithm and the influence the API has over it is
> carefully defined.
>

It's not expecting any argument explicitly, but given the history of the
spec, I think we should just proceed to influence this by e.g.:

Replace the second sentence of step 9 of
https://html.spec.whatwg.org/multipage/comms.html#dom-websocket with:

When processing step 12 of the requirements for an opening handshake
from a client described in the <a href="https://tools.ietf.org/html/rfc6455#section-4.1">"Client Requirements"
section of the WebSocket protocol specification</a>, include a Cookie
header whose value is the cookie-string computed from the user's cookie
store and the URL url; for these purposes this is not a "non-HTTP" API.
[WSP] [COOKIES]
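
The proposed wording above, worked through as an added example (not part of the original message and not text from either specification): computing the RFC 6265 cookie-string for a WebSocket URL and placing it in the opening handshake. The cookie store, host names, and function names are constructed for illustration, and IP-address hosts and the Origin field are left out.

```javascript
// Constructed sample cookie store (array order stands in for creation time).
const store = [
  { name: "sid",   value: "abc123", domain: "example.com",    hostOnly: false, path: "/",     secureOnly: true,  httpOnly: true  },
  { name: "theme", value: "dark",   domain: "example.com",    hostOnly: false, path: "/",     secureOnly: false, httpOnly: false },
  { name: "chat",  value: "r42",    domain: "ws.example.com", hostOnly: true,  path: "/chat", secureOnly: false, httpOnly: false },
  { name: "other", value: "x",      domain: "example.org",    hostOnly: false, path: "/",     secureOnly: false, httpOnly: false },
];

// RFC 6265 section 5.1.3 domain-match (IP-address hosts are not handled here).
function domainMatch(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// RFC 6265 section 5.1.4 path-match.
function pathMatch(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// RFC 6265 section 5.4. isHttpApi defaults to true because the proposed text says the
// handshake is not a "non-HTTP" API, so HttpOnly cookies are included.
function cookieString(wsUrl, cookies, isHttpApi = true) {
  const url = new URL(wsUrl);
  if (url.protocol !== "ws:" && url.protocol !== "wss:") throw new Error("not a WebSocket URL");
  const secure = url.protocol === "wss:"; // Secure cookies go only over wss
  return cookies
    .filter(c => (c.hostOnly ? url.hostname === c.domain : domainMatch(url.hostname, c.domain)))
    .filter(c => pathMatch(url.pathname, c.path))
    .filter(c => !c.secureOnly || secure)
    .filter(c => !c.httpOnly || isHttpApi)
    .sort((a, b) => b.path.length - a.path.length) // longer paths first, stable otherwise
    .map(c => `${c.name}=${c.value}`)
    .join("; ");
}

// Opening handshake with only the fields needed to show where Cookie lands (RFC 6455 section 4.1).
function handshakeRequest(wsUrl, cookies, key) {
  const url = new URL(wsUrl);
  const lines = [`GET ${url.pathname}${url.search} HTTP/1.1`, `Host: ${url.host}`,
    "Upgrade: websocket", "Connection: Upgrade",
    `Sec-WebSocket-Key: ${key}`, "Sec-WebSocket-Version: 13"];
  const cs = cookieString(wsUrl, cookies);
  if (cs) lines.push(`Cookie: ${cs}`);
  return lines.join("\r\n") + "\r\n\r\n";
}
```

Calling `cookieString` with `isHttpApi` set to `false` shows what a script-visible lookup would return for the same URL, which makes the effect of the "not a non-HTTP API" clause visible: the HttpOnly session cookie appears only in the handshake.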

