WebSocketConnectionManager.establish() incorrectly sets Sec-WebSocket-Protocol to "*", should be null #6

pmiklos opened this Issue Sep 23, 2012 · 0 comments


None yet
2 participants

pmiklos commented Sep 23, 2012


I just encountered with this issue after upgrading to Google Chromium 20:

Error during WebSocket handshake: Sec-WebSocket-Protocol mismatch

Because of this error jboss-websockets implementation does not work on browsers which takes this header strictly.

I found that when no protocol is specified in the request by the client the Sec-WebSocket-Protocol response header must be null instead of "*".

          Either a single value representing the subprotocol the server
          is ready to use or null.  The value chosen MUST be derived
          from the client's handshake, specifically by selecting one of
          the values from the |Sec-WebSocket-Protocol| field that the
          server is willing to use for this connection (if any).  If the
          client's handshake did not contain such a header field or if
          the server does not agree to any of the client's requested
          subprotocols, the only acceptable value is null.  The absence
          of such a field is equivalent to the null value (meaning that
          if the server does not wish to agree to one of the suggested
          subprotocols, it MUST NOT send back a |Sec-WebSocket-Protocol|
          header field in its response).  The empty string is not the
          same as the null value for these purposes and is not a legal
          value for this field.  The ABNF for the value of this header
          field is (token), where the definitions of constructs and
          rules are as given in [RFC2616].


pmiklos referenced this issue Sep 25, 2012


Fix for #6 #7

mikebrock closed this in ba09df1 Sep 25, 2012

@mikebrock mikebrock added a commit that referenced this issue Sep 25, 2012

@mikebrock mikebrock Merge pull request #7 from pmiklos/master
Fix for #6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment