
websocat server doesn't reply with Sec-WebSocket-Protocol

Open therealprof opened this issue 5 years ago • 3 comments

As per RFC 6455, if the client includes a Sec-WebSocket-Protocol header, the server must pick one of the available protocols and send back a Sec-WebSocket-Protocol header with the selection made. If it does not send back a Sec-WebSocket-Protocol the client must assume the connection to have failed.

However, (in simple server mode) websocat neither sends back the header by itself nor does the --protocol switch seem to work for some reason.

therealprof, Mar 07 '19 12:03

Missing Sec-WebSocket-Protocol in replies when --protocol is specified is to be fixed.

What do you suggest to do if --protocol is not specified?

Options:

  • Continue sending replies without the protocol; maybe also show some warning
  • Fail request with error
  • Send back received protocol if it is the only protocol suggested by client, fail or send empty otherwise
  • Choose first protocol if client suggests multiple

Also, what do you suggest to do if --protocol is specified, but the client failed to specify a protocol or specified a different protocol? Just show a warning?

vi, Mar 07 '19 14:03

If no --protocol is specified but the client contains the header my idea would be to:

  • Return the same Sec-WebSocket-Protocol header if exactly one protocol is specified
  • Return a Sec-WebSocket-Protocol header with the first protocol from the list if multiple are specified, also issue a warning about this. Important detail: Instead of using a list the header can also appear multiple times.

If --protocol is specified but does not match any of the protocols in the header(s) sent by the client, the RFC is very clear that no Sec-WebSocket-Protocol may be sent back. In this case the client MUST close the connection.

If the client does not specify a Sec-WebSocket-Protocol, also no Sec-WebSocket-Protocol may be sent back, but in that case the client will continue communication. My preference would be to issue a warning to the user.

therealprof, Mar 07 '19 14:03

Addressed this in new release v1.4.0. Now there is --server-protocol for explicitly specifying reply protocol. Also it chooses the first from the list even when --server-protocol is not specified.

vi, Mar 21 '19 23:03
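
The selection policy proposed in this thread, written out as an added Rust example; it is not websocat's own code. `Reply`, `offered_protocols` and `negotiate` are hypothetical names, the sample header values are constructed, and the exact-match comparison and the silent case when neither side names a protocol are assumptions of the example.

```rust
/// Decision for the Sec-WebSocket-Protocol reply header.
#[derive(Debug, PartialEq)]
enum Reply {
    /// Send the header with this value; `warn` marks a guessed choice.
    Select { protocol: String, warn: bool },
    /// Send no header; `warn` marks a mismatch the operator should see.
    Omit { warn: bool },
}

/// Flatten all Sec-WebSocket-Protocol request headers into one ordered list.
/// The header can carry a comma-separated list, appear several times, or both.
fn offered_protocols(header_values: &[&str]) -> Vec<String> {
    header_values
        .iter()
        .flat_map(|v| v.split(','))
        .map(str::trim)
        .filter(|p| !p.is_empty())
        .map(str::to_owned)
        .collect()
}

/// `configured` stands for the value given on the command line, if any.
fn negotiate(header_values: &[&str], configured: Option<&str>) -> Reply {
    let offered = offered_protocols(header_values);
    match (configured, offered.as_slice()) {
        // Neither side named a protocol: nothing to echo, nothing to warn about.
        (None, []) => Reply::Omit { warn: false },
        // Server expects a protocol but the client offered none: omit and warn.
        (Some(_), []) => Reply::Omit { warn: true },
        // Configured protocol must be one the client offered (exact match);
        // never reply with a value the client did not ask for.
        (Some(want), _) => match offered.iter().find(|p| p.as_str() == want) {
            Some(p) => Reply::Select { protocol: p.clone(), warn: false },
            None => Reply::Omit { warn: true },
        },
        // Exactly one offer and no configuration: echo it back.
        (None, [only]) => Reply::Select { protocol: only.clone(), warn: false },
        // Several offers and no configuration: take the first, with a warning.
        (None, [first, ..]) => Reply::Select { protocol: first.clone(), warn: true },
    }
}

fn main() {
    // Constructed handshake: header repeated and comma-separated at once.
    let headers = ["mqtt, wamp", "soap"];
    println!("{:?}", negotiate(&headers, None));
    println!("{:?}", negotiate(&headers, Some("soap")));
    println!("{:?}", negotiate(&headers, Some("graphql-ws")));
}
```
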