websocat
websocat copied to clipboard
websocat server doesn't reply with Sec-WebSocket-Protocol
As per RFC 6455, if the client includes a Sec-WebSocket-Protocol
header, the server must pick one of the available protocols and send back a Sec-WebSocket-Protocol
header with the selection made. If it does not send back a Sec-WebSocket-Protocol
the client must assume the connection to have failed.
However, (in simple server mode) websocat neither sends back the header by itself nor does the --protocol
switch seem to work for some reason.
Missing Sec-WebSocket-Protocol
in replies when --protocol
is specified is to be fixed.
What do you suggest do to if --protocol
is not specified?
Options:
- Continue sending replies without the protocol; maybe also show some warning
- Fail request with error
- Send back received protocol if it is the only protocol suggested by client, fail or send empty otherwise
- Choose first protocol if client suggests multiple
Also what do you suggest to do it --protocol
is specified, but client failed to specify a protocol or specified different protocol? Just show a warning?
If no --protocol
is specified but the client contains the header my idea would be to:
- Return the same
Sec-WebSocket-Protocol
header if exactly one protocol is specified - Return a
Sec-WebSocket-Protocol
header with the first protocol from the list if multiple are specified, also issue a warning about this. Important detail: Instead of using a list the header can also appear multiple times.
If --protocol
is specified but does not match any of the protocols in the header(s) sent by the client, the RFC is very clear that no Sec-WebSocket-Protocol
may be sent back. In this case the client MUST close the connection.
If the client does not specify a Sec-WebSocket-Protocol
also no Sec-WebSocket-Protocol
may be sent back but in that case the client will continue communication. My preference would be to issue a warning to the user.
Addressed this in new release v1.4.0. Now there is --server-protocol
for explicitly specifying reply protocol. Also it chooses the first from the list even when --server-protocol
is not specified.