-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
websocket negotiation of extension configuration parameters #3465
Comments
lachlan-roberts
added a commit
to lachlan-roberts/jetty.project
that referenced
this issue
Mar 21, 2019
default behaviour of Negotiation no longer includes all of the offered extensions as the negotiated extensions but it now takes only the first extension if there are multiple of the same name, this is now done when the negotiation is created and can be overwritten by the negotiator Throw exception on websocket errors so the proper status code can be reported back to the client fix to checking for multiple negotiated extensions of the same name added tests for core and jetty websockets for the negotiation Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts
added a commit
to lachlan-roberts/jetty.project
that referenced
this issue
Mar 21, 2019
do not allow internal extensions to be offered by the client do not validate internal extensions Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts
added a commit
to lachlan-roberts/jetty.project
that referenced
this issue
Mar 21, 2019
do not allow internal extensions to be offered by the client do not validate internal extensions Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts
added a commit
to lachlan-roberts/jetty.project
that referenced
this issue
Mar 26, 2019
…nStack Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
gregw
added a commit
that referenced
this issue
Mar 26, 2019
…sion-negotiation Issue #3465 - WebSocket Extension Negotiation
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Selecting Extension Parameters
Currently we are overwriting the negotiated ExtenionConfigs with the value of the first offered
ExtensionConfig parameter of the same name extension name. RFC7692 says that the client can request multiple extensions of the same extension name with different configuration parameters to allow the server to choose which set of configuration parameters to use.
https://tools.ietf.org/html/rfc7692#section-5
https://github.com/eclipse/jetty.project/blob/67838609c3059134c3a3374f3de745f66a2ec6d4/jetty-websocket/websocket-core/src/main/java/org/eclipse/jetty/websocket/core/server/Negotiation.java#L234-L247
Here we will overwrite the negotiated extension parameters with the parameters of the first
offered extension. This will make choosing a set of configuration parameters for the extension
impossible.
Changing Extension Parameters
RFC7629 says that during the negotiation the server may drop or modify extension parameters. In general it looks like whether it is correct to do this is dependant on the specific extension.
https://tools.ietf.org/html/rfc7692#section-5
Server may drop parameters
Server may change parameters:
The text was updated successfully, but these errors were encountered: