Skip to content
This repository has been archived by the owner on May 5, 2021. It is now read-only.

Mismatch Between Sec-WebSocket-Protocol & accept-version #66

Closed
dansiviter opened this issue Jan 10, 2018 · 3 comments
Closed

Mismatch Between Sec-WebSocket-Protocol & accept-version #66

dansiviter opened this issue Jan 10, 2018 · 3 comments

Comments

@dansiviter
Copy link

dansiviter commented Jan 10, 2018
edited
Loading

It's possible for the headers to state:

GET ws://myhost:8080/websocket HTTP/1.1
Host: myhost:8080
Connection: Upgrade
...
Sec-WebSocket-Protocol: v11.stomp, v12.stomp  // <-- only v1.1 and v1.2

But the CONNECT frame to state:

CONNECT
accept-version:1.2,1.1,1.0   // <-- Are we able to accept 1.0?

IMO, I don't think it's valid to declare the STOMP protocol on the Sec-WebSocket-Protocol header and then disregard it in the accept-version.

Issue found in v1.2.0.
@JSteunou
Copy link
Owner

Thanks I will look into it

@JSteunou
Copy link
Owner

JSteunou commented Jul 3, 2018

Indeed, if you enforce protocols with specific versions, those are not used to compute the STOMP accept-version in the CONNECT frame

Not sure if this could have some negative impact though

JSteunou pushed a commit that referenced this issue Jul 3, 2018
Fix STOMP CONNECT frame 'accept-version' to match websocket accepted …
b1033b2 
…protocol #66

this is a not breaking fix, but a next major version should close the connection in absence of matching supported protocol
@JSteunou
Copy link
Owner

JSteunou commented Jul 3, 2018

Fixed in https://github.com/JSteunou/webstomp-client/releases/tag/1.2.2

@JSteunou JSteunou closed this as completed Jul 3, 2018
@JSteunou JSteunou mentioned this issue Aug 8, 2018
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dansiviter @JSteunou