Re: [hybi] "Establish a WebSocket Connection" does not allow for cookies
Takeshi Yoshino <tyoshino@google.com> Wed, 16 September 2015 08:20 UTC
Return-Path: <tyoshino@google.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 623C31B38AD for <hybi@ietfa.amsl.com>; Wed, 16 Sep 2015 01:20:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.388
X-Spam-Level:
X-Spam-Status: No, score=-1.388 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1eq4a198ZAC7 for <hybi@ietfa.amsl.com>; Wed, 16 Sep 2015 01:20:52 -0700 (PDT)
Received: from mail-oi0-x233.google.com (mail-oi0-x233.google.com [IPv6:2607:f8b0:4003:c06::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F1D01B38AB for <hybi@ietf.org>; Wed, 16 Sep 2015 01:20:52 -0700 (PDT)
Received: by oibi136 with SMTP id i136so116877529oib.3 for <hybi@ietf.org>; Wed, 16 Sep 2015 01:20:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=AK34NewLyzM6YDW19EeOvi8w+yhzk92G5El8jmsQcgE=; b=QYI75Ex4eErcPH2iez7tjg35+QqQKlyPiqRaDR2Zmw83BTx0tcuhFpoLsh7Mm6tnwO ztjptXFHBVtETMMJE6eqzQdMe/+uFI3HJM72FqEsUNgmefwEWp2kDQCfiQs3LRCzdipF crjg2H6KV1o0323UT4N6c7Pt79URl0WzZkMUikoPDWN/q73U1uY431pQri5k9vfP6ugT a7Tq6iLE5t5kpsGyZJ2rU0ecXlD9i2lmXjk9bth1R1BIrBrdOgVnSRhyDsMYXUGtiZ6d ll/vd1ETV8lTIlbtZ1QdPV0jduzW61pweJua2Tkt9lhiw99xtOyY2QmSULlesnkVFua4 eQgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=AK34NewLyzM6YDW19EeOvi8w+yhzk92G5El8jmsQcgE=; b=EP7T9Grp7y4sroSY2wZwdnArGggI5l+mFCDkJy8ibkkGydJv6q9CgumAdARP2L2aZx W8X5MPOn9NHkdFhK57ATNnYiLqgGMSPZPE0vMhtuda66KrocCE6mifFElwj5/5hh/0+n r6wSbij4vnHTBPYYG5vJQWYyMO/Ggg1Mvb0FpSWRinEJ1+54pllXqpupvls0TE6cPASR sEPCVZi4pvI2/3KhRDNYLgQr5MeqdBlIfgp/N5EHM4NfKUPOX+YmvkM7Hs3PMoVGhBt3 H8WLBURqBD4/vhcjn0QYw/1/wFkg6axSM9RdlBK4jSTYea0WT3H8x8DaP5P3Z2deDsgr RcTw==
X-Gm-Message-State: ALoCoQlc3DMfYWRH2ZFc1iFu4aHHzAzKa/pFdJdHL5br3+/qHhT2s757fHhKe0Fd95Nx5+A0xFHt
X-Received: by 10.60.175.41 with SMTP id bx9mr22277243oec.46.1442391651465; Wed, 16 Sep 2015 01:20:51 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.202.60.4 with HTTP; Wed, 16 Sep 2015 01:20:31 -0700 (PDT)
In-Reply-To: <CADnb78hy8zG_PuOY9X0wtyJLqOH=D8BHyTnqjgwXtze3UmG9ZA@mail.gmail.com>
References: <CADnb78iWYqqG1t+bYRtMvFifJru06JXb0=KQgfunRrXt-+8E8w@mail.gmail.com> <55EB2FBF.4080602@gmx.de> <CADnb78hy8zG_PuOY9X0wtyJLqOH=D8BHyTnqjgwXtze3UmG9ZA@mail.gmail.com>
From: Takeshi Yoshino <tyoshino@google.com>
Date: Wed, 16 Sep 2015 17:20:31 +0900
Message-ID: <CAH9hSJbSn5d5AGVW79oYusjoTe345LrVd65e9Bseo4MVcOe-sg@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Content-Type: multipart/alternative; boundary="047d7bd6ab64038006051fd8fa1c"
Archived-At: <http://mailarchive.ietf.org/arch/msg/hybi/s-xPmEhxIU61hJMGdVYMN-W7jCw>
Cc: Julian Reschke <julian.reschke@gmx.de>, "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] "Establish a WebSocket Connection" does not allow for cookies
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hybi/>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Sep 2015 08:20:54 -0000
On Mon, Sep 7, 2015 at 12:12 AM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Sat, Sep 5, 2015 at 8:09 PM, Julian Reschke <julian.reschke@gmx.de> > wrote: > > On 2015-09-05 19:25, Anne van Kesteren wrote: > >> After the tenth protocol draft this algorithm broke a hook the API > >> standard was using and those authoring the WebSocket API were never > >> notified. > >> > >> See https://www.w3.org/Bugs/Public/show_bug.cgi?id=27869 for details. > >> > >> How do you suggest this gets fixed? > > > > The subject line is misleading. > > It's the name of the algorithm defined in the RFC that takes a set > number of arguments of which headers and/or cookies are not an > acceptable argument. > > Yes, what to do is described in the step, but the identifier of the algorithm is gone. > > > <https://tools.ietf.org/html/rfc6455#section-4.1>, item 12 in the second > > list is: > > > >> 12. The request MAY include any other header fields, for example, > >> cookies [RFC6265] and/or authentication-related header fields > >> such as the |Authorization| header field [RFC2616], which are > >> processed according to documents that define them. > > This step cannot be influenced from the API. The "request" is > constructed by this algorithm and the influence the API has over it is > carefully defined. > It's not expecting any argument explicitly, but given the history of the spec, I think we should just proceed to influence this by e.g.: Replace the second sentence of the step 9 of https://html.spec.whatwg.org/multipage/comms.html#dom-websocket with When processing the step 12 of the requirements for an opening handshake from a client described in the <a href=" https://tools.ietf.org/html/rfc6455#section-4.1">"Client Requirements" section of the WebSocket protocol specification</a>, include a Cookie header whose value is the cookie-string computed from the user's cookie store and the URL url; for these purposes this is not a "non-HTTP" API. [WSP] [COOKIES] > > > -- > https://annevankesteren.nl/ > > _______________________________________________ > hybi mailing list > hybi@ietf.org > https://www.ietf.org/mailman/listinfo/hybi >
- [hybi] "Establish a WebSocket Connection" does no… Anne van Kesteren
- [hybi] "Establish a WebSocket Connection" does no… Anne van Kesteren
- Re: [hybi] "Establish a WebSocket Connection" doe… Julian Reschke
- Re: [hybi] "Establish a WebSocket Connection" doe… Anne van Kesteren
- Re: [hybi] "Establish a WebSocket Connection" doe… Takeshi Yoshino
- Re: [hybi] "Establish a WebSocket Connection" doe… Anne van Kesteren
- Re: [hybi] "Establish a WebSocket Connection" doe… Takeshi Yoshino
- Re: [hybi] "Establish a WebSocket Connection" doe… Salvatore Loreto
- Re: [hybi] "Establish a WebSocket Connection" doe… Anne van Kesteren