Skip to content
Permalink
Browse files

Define the WebSocket subprotocol check as part of response validation

See whatwg/html#840 (comment) for discussion and context. Many
thanks to Simon Pieters for helping out.
  • Loading branch information...
annevk committed Mar 10, 2016
1 parent fc89332 commit 08f8560f6cecaedc1c3372f9fff1ee39c3bfc86f
Showing with 22 additions and 0 deletions.
  1. +11 −0 Overview.html
  2. +11 −0 Overview.src.html
@@ -4856,6 +4856,17 @@ <h3 id="websocket-opening-handshake"><span class="secno">7.2 </span>Opening hand
<a href="#concept-response-status" title="concept-response-status">status</a> is not <code title="">101</code>,
<a href="#fail-the-websocket-connection">fail the WebSocket connection</a>.

<li>
<p>If <var>protocols</var> is not the empty list and
<a href="#concept-header-parse" title="concept-header-parse">parsing</a>
`<code title="http-sec-websocket-protocol">Sec-WebSocket-Protocol</code>` in <var>response</var>'s
<a href="#concept-request-header-list" title="concept-request-header-list">header list</a> results in null, failure, or the empty
byte sequence, <a href="#fail-the-websocket-connection">fail the WebSocket connection</a>.

<p class="note">This is different from the check on this header defined by The WebSocket Protocol.
That only covers a subprotocol not requested by the client. This covers a subprotocol requested by
the client, but not acknowledged by the server.

<li><p>Follow the requirements stated step 2 to step 6, inclusive, of the last set of steps in
<a href="http://tools.ietf.org/html/rfc6455#section-4.1">section 4.1</a> of The WebSocket Protocol
to validate <var>response</var>. This either results in <a href="#fail-the-websocket-connection">fail the WebSocket connection</a>
@@ -4789,6 +4789,17 @@ <h3 id=websocket-opening-handshake>Opening handshake</h3>
<span title=concept-response-status>status</span> is not <code title>101</code>,
<span>fail the WebSocket connection</span>.

<li>
<p>If <var>protocols</var> is not the empty list and
<span title="concept-header-parse">parsing</span>
`<code title=http-sec-websocket-protocol>Sec-WebSocket-Protocol</code>` in <var>response</var>'s
<span title=concept-request-header-list>header list</span> results in null, failure, or the empty
byte sequence, <span>fail the WebSocket connection</span>.

<p class="note">This is different from the check on this header defined by The WebSocket Protocol.
That only covers a subprotocol not requested by the client. This covers a subprotocol requested by
the client, but not acknowledged by the server.

<li><p>Follow the requirements stated step 2 to step 6, inclusive, of the last set of steps in
<a href="http://tools.ietf.org/html/rfc6455#section-4.1">section 4.1</a> of The WebSocket Protocol
to validate <var>response</var>. This either results in <span>fail the WebSocket connection</span>

0 comments on commit 08f8560

Please sign in to comment.
You can’t perform that action at this time.