Inconsistency (or unclear text) wrt. closing with an authenticated client.

[rustonaut]

The spec says:

• If the other client is authenticated, the client SHALL send a 'close' message to the other client containing the close code 3001 (Protocol Error). Both clients SHALL terminate the connection to the server (normal close code).

Here I did read "normal close code" as "1000 Normal Closure".

But in the section for the 'close' message it also says:

A client who sends a 'close' message [..] The client SHALL also terminate the connection to the server with a close code of 1001 (Going Away) if the connection is still open.

Which mean on a protocol error we are supposed to close with 1000 based on the protocol error and 1001 based on sending a close message.

There is also:

A receiving client [..] The client SHALL also terminate the connection to the server (no specific close code) if the connection is still open.

Where I'm not sure if it means you should set no close code (which is possible) or if it means you can set any arbitrary close code.

[rustonaut]

We could read "normal close code" as "close as normally done by the close message", in which case it's not a inconsistency but just a bit unclear text.

[lgrahl]

I agree that this is quite confusing. But it's especially confusing because we can fully control the close codes in the 'close' message but cannot fully control them when closing the WebSocket connection because the Web API of WebSockets does not allow to use any 1xxx code other than 1000.

What the protocol should say is that either 1000 or 1001 is fine to use in any of the above scenarios.

Where I'm not sure if it means you should set no close code (which is possible) or if it means you can set any arbitrary close code.

Arbitrary is what is meant here although 1000/1001 make the most sense in almost all scenarios.