Added options.maxPayload for websocket clients #1402
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Can you please elaborate a bit? I think that if a server sends frames so big that can't be handled by clients, it's a server problem. There is no DoS in this case. |
|
I am using websockets as a network protocol in an untrusted peer-to-peer network. Each peer in this network has a server and client role. Because peers do not trust other peers in this network, there must be a DoS protection on the websocket client interface. I am not sure if these changes are of any added value for the project. It may help people that use websockets in an untrusted environment however. |
|
Ok thanks for the explanation. The option needs to be documented in https://github.com/websockets/ws/blob/master/doc/ws.md and at least one test should be added before this can be merged. |
|
I also think this is a breaking change. The connection should not be closed if a frame bigger than 100 MiB is received on the client without bumping the major version. |
|
I have included the requested testcase for option.maxPayload. Furthermore, perMessageDeflate in client mode now also works with options.maxPayload. |
|
I did not find a section on maxPayload sizes in the ietf for v13: https://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-13 I guess we do not have to bump the protocolVersion for this change. |
|
|
lpinca
approved these changes
Jul 2, 2018
|
Thank you. |
goto-bus-stop
pushed a commit
to u-wave/http-api
that referenced
this pull request
Jul 21, 2018
## Version **6.0.0** of **ws** was just published.
<table>
<tr>
<th align=left>
Dependency
</th>
<td>
<a target=_blank href=https://github.com/websockets/ws>ws</a>
</td>
</tr>
<tr>
<th align=left>
Current Version
</th>
<td>
5.2.2
</td>
</tr>
<tr>
<th align=left>
Type
</th>
<td>
dependency
</td>
</tr>
</table>
The version **6.0.0** is **not covered** by your **current version range**.
If you don’t accept this pull request, your project will work just like it did before. However, you might be missing out on a bunch of new features, fixes and/or performance improvements from the dependency update.
It might be worth looking into these changes and trying to get this project onto the latest version of ws.
If you have a solid test suite and good coverage, a passing build is a strong indicator that you can take advantage of these changes directly by merging the proposed change into your project. If the build fails or you don’t have such unconditional trust in your tests, this branch is a great starting point for you to work on the update.
---
<details>
<summary>Release Notes</summary>
<strong>6.0.0</strong>
<h1>Breaking changes</h1>
<ul>
<li>Dropped support for Node.js 4 (<a class="commit-link" href="https://urls.greenkeeper.io/websockets/ws/commit/d73885c3f7c70b583030d683d9a0a025c98fbe00"><tt>d73885c</tt></a>).</li>
<li>Added a shim that throws an error when used if the package is bundled for the<br>
browser (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="310221102" data-permission-text="Issue title is private" data-url="websockets/ws#1345" href="https://urls.greenkeeper.io/websockets/ws/pull/1345">#1345</a>).</li>
<li>Added a <code>maxPayload</code> option on the client. Defaults to 100 MiB (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="333186455" data-permission-text="Issue title is private" data-url="websockets/ws#1402" href="https://urls.greenkeeper.io/websockets/ws/pull/1402">#1402</a>).</li>
<li>Dropped support for the <code>memLevel</code> and <code>level</code> options. Use<br>
<code>zlibDeflateOptions</code> instead. (<a class="commit-link" href="https://urls.greenkeeper.io/websockets/ws/commit/80e20021f314d66e80032ecb8c2854ac61c6073c"><tt>80e2002</tt></a>).</li>
</ul>
</details>
<details>
<summary>Commits</summary>
<p>The new version differs by 15 commits ahead by 15, behind by 2.</p>
<ul>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/1ee42fd67d365409096c11af0d6bc70fbe292c60"><code>1ee42fd</code></a> <code>[dist] 6.0.0</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/d963003a40bfe6cdd58eb3d3e4458eb2b2090a2c"><code>d963003</code></a> <code>[example] Update dependencies</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/38d2e8b3f75ebccf8b0b205fafac959c1702ddfb"><code>38d2e8b</code></a> <code>chore(package): update eslint-plugin-node to version 7.0.0 (#1420)</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/fc957939460cd0c461618bef4c6d59a9b5a4b90e"><code>fc95793</code></a> <code>[fix] Fix use after invalidation bug</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/fbd43914ad557ed915c41108b2f98b508a720216"><code>fbd4391</code></a> <code>[fix] Fix compatibility with Node.js 6</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/b354cd138e62dcb1e4e05ce8b0bc097534f23d76"><code>b354cd1</code></a> <code>[minor] Remove no longer needed workaround for <code>socketPath</code> option</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/ef5a8f5f5e4d3843d318d2b8a463b49d8105bd2e"><code>ef5a8f5</code></a> <code>[pkg] Update eslint-plugin-standard to version 3.1.0</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/80e20021f314d66e80032ecb8c2854ac61c6073c"><code>80e2002</code></a> <code>[major] Drop support for the <code>memLevel</code> and <code>level</code> options</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/92d0a2e9fc2b1cca6eb1ddf88ec4347986164cb1"><code>92d0a2e</code></a> <code>[major] Add <code>maxPayload</code> option for the client (#1402)</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/9f87842888688318464af498300395b197b29712"><code>9f87842</code></a> <code>[major] Make bundlers use a browser shim that throws an error (#1345)</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/72bfbe84f3d747b96416a646728932c9181ceffd"><code>72bfbe8</code></a> <code>chore(package): update bufferutil to version 4.0.0 (#1413)</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/5bb29ed019529f17a557d59b3eb5d9a14f9e5643"><code>5bb29ed</code></a> <code>chore(package): update utf-8-validate to version 5.0.0 (#1415)</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/3bc6b9672f60b7178f115e51beaf4f664f91484c"><code>3bc6b96</code></a> <code>chore(package): update eslint to version 5.0.0 (#1403)</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/d73885c3f7c70b583030d683d9a0a025c98fbe00"><code>d73885c</code></a> <code>[major] Drop support for Node.js 4</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/5d90141505dc41c129ab5d5228e37d49979d7541"><code>5d90141</code></a> <code>chore(package): update eslint-plugin-import to version 2.13.0 (#1405)</code></li>
</ul>
<p>See the <a href="https://urls.greenkeeper.io/websockets/ws/compare/5d55e52529167c25f4fec35cb4753294e75bf9f2...1ee42fd67d365409096c11af0d6bc70fbe292c60">full diff</a></p>
</details>
<details>
<summary>FAQ and help</summary>
There is a collection of [frequently asked questions](https://greenkeeper.io/faq.html). If those don’t help, you can always [ask the humans behind Greenkeeper](https://github.com/greenkeeperio/greenkeeper/issues/new).
</details>
---
Your [Greenkeeper](https://greenkeeper.io) bot 🌴
goto-bus-stop
pushed a commit
to goto-bus-stop/wikibattle
that referenced
this pull request
Jul 21, 2018
## Version **6.0.0** of **ws** was just published.
<table>
<tr>
<th align=left>
Dependency
</th>
<td>
<a target=_blank href=https://github.com/websockets/ws>ws</a>
</td>
</tr>
<tr>
<th align=left>
Current Version
</th>
<td>
5.2.2
</td>
</tr>
<tr>
<th align=left>
Type
</th>
<td>
dependency
</td>
</tr>
</table>
The version **6.0.0** is **not covered** by your **current version range**.
If you don’t accept this pull request, your project will work just like it did before. However, you might be missing out on a bunch of new features, fixes and/or performance improvements from the dependency update.
It might be worth looking into these changes and trying to get this project onto the latest version of ws.
If you have a solid test suite and good coverage, a passing build is a strong indicator that you can take advantage of these changes directly by merging the proposed change into your project. If the build fails or you don’t have such unconditional trust in your tests, this branch is a great starting point for you to work on the update.
---
<details>
<summary>Release Notes</summary>
<strong>6.0.0</strong>
<h1>Breaking changes</h1>
<ul>
<li>Dropped support for Node.js 4 (<a class="commit-link" href="https://urls.greenkeeper.io/websockets/ws/commit/d73885c3f7c70b583030d683d9a0a025c98fbe00"><tt>d73885c</tt></a>).</li>
<li>Added a shim that throws an error when used if the package is bundled for the<br>
browser (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="310221102" data-permission-text="Issue title is private" data-url="websockets/ws#1345" href="https://urls.greenkeeper.io/websockets/ws/pull/1345">#1345</a>).</li>
<li>Added a <code>maxPayload</code> option on the client. Defaults to 100 MiB (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="333186455" data-permission-text="Issue title is private" data-url="websockets/ws#1402" href="https://urls.greenkeeper.io/websockets/ws/pull/1402">#1402</a>).</li>
<li>Dropped support for the <code>memLevel</code> and <code>level</code> options. Use<br>
<code>zlibDeflateOptions</code> instead. (<a class="commit-link" href="https://urls.greenkeeper.io/websockets/ws/commit/80e20021f314d66e80032ecb8c2854ac61c6073c"><tt>80e2002</tt></a>).</li>
</ul>
</details>
<details>
<summary>Commits</summary>
<p>The new version differs by 15 commits ahead by 15, behind by 2.</p>
<ul>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/1ee42fd67d365409096c11af0d6bc70fbe292c60"><code>1ee42fd</code></a> <code>[dist] 6.0.0</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/d963003a40bfe6cdd58eb3d3e4458eb2b2090a2c"><code>d963003</code></a> <code>[example] Update dependencies</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/38d2e8b3f75ebccf8b0b205fafac959c1702ddfb"><code>38d2e8b</code></a> <code>chore(package): update eslint-plugin-node to version 7.0.0 (#1420)</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/fc957939460cd0c461618bef4c6d59a9b5a4b90e"><code>fc95793</code></a> <code>[fix] Fix use after invalidation bug</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/fbd43914ad557ed915c41108b2f98b508a720216"><code>fbd4391</code></a> <code>[fix] Fix compatibility with Node.js 6</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/b354cd138e62dcb1e4e05ce8b0bc097534f23d76"><code>b354cd1</code></a> <code>[minor] Remove no longer needed workaround for <code>socketPath</code> option</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/ef5a8f5f5e4d3843d318d2b8a463b49d8105bd2e"><code>ef5a8f5</code></a> <code>[pkg] Update eslint-plugin-standard to version 3.1.0</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/80e20021f314d66e80032ecb8c2854ac61c6073c"><code>80e2002</code></a> <code>[major] Drop support for the <code>memLevel</code> and <code>level</code> options</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/92d0a2e9fc2b1cca6eb1ddf88ec4347986164cb1"><code>92d0a2e</code></a> <code>[major] Add <code>maxPayload</code> option for the client (#1402)</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/9f87842888688318464af498300395b197b29712"><code>9f87842</code></a> <code>[major] Make bundlers use a browser shim that throws an error (#1345)</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/72bfbe84f3d747b96416a646728932c9181ceffd"><code>72bfbe8</code></a> <code>chore(package): update bufferutil to version 4.0.0 (#1413)</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/5bb29ed019529f17a557d59b3eb5d9a14f9e5643"><code>5bb29ed</code></a> <code>chore(package): update utf-8-validate to version 5.0.0 (#1415)</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/3bc6b9672f60b7178f115e51beaf4f664f91484c"><code>3bc6b96</code></a> <code>chore(package): update eslint to version 5.0.0 (#1403)</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/d73885c3f7c70b583030d683d9a0a025c98fbe00"><code>d73885c</code></a> <code>[major] Drop support for Node.js 4</code></li>
<li><a href="https://urls.greenkeeper.io/websockets/ws/commit/5d90141505dc41c129ab5d5228e37d49979d7541"><code>5d90141</code></a> <code>chore(package): update eslint-plugin-import to version 2.13.0 (#1405)</code></li>
</ul>
<p>See the <a href="https://urls.greenkeeper.io/websockets/ws/compare/5d55e52529167c25f4fec35cb4753294e75bf9f2...1ee42fd67d365409096c11af0d6bc70fbe292c60">full diff</a></p>
</details>
<details>
<summary>FAQ and help</summary>
There is a collection of [frequently asked questions](https://greenkeeper.io/faq.html). If those don’t help, you can always [ask the humans behind Greenkeeper](https://github.com/greenkeeperio/greenkeeper/issues/new).
</details>
---
Your [Greenkeeper](https://greenkeeper.io) bot 🌴
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I came across a situation where a websocket client instance needs to be protected against large messages. This pull request makes the option.maxPayload option available for client instances.