Define the WebSocket subprotocol check as part of response validation

See whatwg/html#840 (comment) for discussion and context. Many thanks to Simon Pieters for helping out.
whatwg · Mar 10, 2016 · 08f8560 · 08f8560
1 parent fc89332
commit 08f8560
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/Overview.html b/Overview.html
@@ -4856,6 +4856,17 @@ <h3 id="websocket-opening-handshake"><span class="secno">7.2 </span>Opening hand
  <a href="#concept-response-status" title="concept-response-status">status</a> is not <code title="">101</code>,
  <a href="#fail-the-websocket-connection">fail the WebSocket connection</a>.
 
+ <li>
+  <p>If <var>protocols</var> is not the empty list and
+  <a href="#concept-header-parse" title="concept-header-parse">parsing</a>
+  `<code title="http-sec-websocket-protocol">Sec-WebSocket-Protocol</code>` in <var>response</var>'s
+  <a href="#concept-request-header-list" title="concept-request-header-list">header list</a> results in null, failure, or the empty
+  byte sequence, <a href="#fail-the-websocket-connection">fail the WebSocket connection</a>.
+
+  <p class="note">This is different from the check on this header defined by The WebSocket Protocol.
+  That only covers a subprotocol not requested by the client. This covers a subprotocol requested by
+  the client, but not acknowledged by the server.
+
  <li><p>Follow the requirements stated step 2 to step 6, inclusive, of the last set of steps in
  <a href="http://tools.ietf.org/html/rfc6455#section-4.1">section 4.1</a> of The WebSocket Protocol
  to validate <var>response</var>. This either results in <a href="#fail-the-websocket-connection">fail the WebSocket connection</a>

diff --git a/Overview.src.html b/Overview.src.html
@@ -4789,6 +4789,17 @@ <h3 id=websocket-opening-handshake>Opening handshake</h3>
  <span title=concept-response-status>status</span> is not <code title>101</code>,
  <span>fail the WebSocket connection</span>.
 
+ <li>
+  <p>If <var>protocols</var> is not the empty list and
+  <span title="concept-header-parse">parsing</span>
+  `<code title=http-sec-websocket-protocol>Sec-WebSocket-Protocol</code>` in <var>response</var>'s
+  <span title=concept-request-header-list>header list</span> results in null, failure, or the empty
+  byte sequence, <span>fail the WebSocket connection</span>.
+
+  <p class="note">This is different from the check on this header defined by The WebSocket Protocol.
+  That only covers a subprotocol not requested by the client. This covers a subprotocol requested by
+  the client, but not acknowledged by the server.
+
  <li><p>Follow the requirements stated step 2 to step 6, inclusive, of the last set of steps in
  <a href="http://tools.ietf.org/html/rfc6455#section-4.1">section 4.1</a> of The WebSocket Protocol
  to validate <var>response</var>. This either results in <span>fail the WebSocket connection</span>