W3C home > Mailing lists > Public > public-html@w3.org > July 2008

Re: websocket HTTP response parsing

From: Ian Hickson <ian@hixie.ch>
Date: Mon, 7 Jul 2008 19:16:00 +0000 (UTC)
To: Julian Reschke <julian.reschke@gmx.de>
Cc: "public-html@w3.org" <public-html@w3.org>
Message-ID: <Pine.LNX.4.62.0807071907190.11210@hixie.dreamhostps.com>

On Mon, 7 Jul 2008, Julian Reschke wrote:
> 
> In this case I would advise to have that handshake *after* the websocket 
> connection has been established (so in the case where this actually goes 
> through a real HTTP server, *after* the 101 is returned). Keep in mind 
> that there are other things that could go wrong, such as the server 
> returning the headers "Upgrade:" or "Connection:" in a different order, 
> or interleaving them with other headers (such as "Date:").

We can't. If the handshake occurs after the first byte sent over the 
connection, it would be far too easy for someone to smuggle in a fake 
handshake.

Furthermore, one of our core requirements is the ability to implement a 
Web Socket Protocol server without any HTTP server involvement, and so we 
can't build this on HTTP.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 7 July 2008 19:16:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:19 GMT