[e] (0) Clarify that fields can be sent in a random order.

git-svn-id: http://svn.whatwg.org/webapps@4825 340c8d12-0b0e-0410-8428-c7bf67bfef74

complete.html

@@ -157,7 +157,7 @@
 
   <header class=head id=head><p><a class=logo href=http://www.whatwg.org/ rel=home><img alt=WHATWG src=/images/logo></a></p>
    <hgroup><h1>Web Applications 1.0</h1>
-    <h2 class="no-num no-toc">Draft Standard &mdash; 4 March 2010</h2>
+    <h2 class="no-num no-toc">Draft Standard &mdash; 5 March 2010</h2>
    </hgroup><p>You can take part in this work. <a href=http://www.whatwg.org/mailing-list>Join the working group's discussion list.</a></p>
    <p><strong>Web designers!</strong> We have a <a href=http://blog.whatwg.org/faq/>FAQ</a>, a <a href=http://forums.whatwg.org/>forum</a>, and a <a href=http://www.whatwg.org/mailing-list#help>help mailing list</a> for you!</p>
    <!--<p class="impl"><strong>Implementors!</strong> We have a <a href="http://www.whatwg.org/mailing-list#implementors">mailing list</a> for you too!</p>-->
@@ -67495,6 +67495,9 @@ <h6 id=opening-handshake><span class=secno>10.3.4.1.3 </span>Opening handshake</
 Upgrade: WebSocket
 Connection: Upgrade</pre>
 
+  <p>Fields in the handshake are sent by the client in a random order;
+  the order is not meaningful.</p>
+
   <p>Additional fields are used to select options in the WebSocket
   protocol. The only option available in this version is the
   subprotocol selector, <code title=http-sec-websocket-protocol><a href=#sec-websocket-protocol>Sec-WebSocket-Protocol</a></code>:</p>
@@ -67506,20 +67509,20 @@ <h6 id=opening-handshake><span class=secno>10.3.4.1.3 </span>Opening handshake</
   intends to use. The server echoes this field in its handshake to
   indicate that it supports that subprotocol.</p>
 
-  <p>The remainder of the handshake is all security-related. First,
-  the <code title=http-host>Host</code> field is used to protect
-  against DNS rebinding attacks and to allow multiple domains to be
-  served from one IP address.</p>
+  <p>The other fields in the handshake is all security-related.  The
+  <code title=http-host>Host</code> field is used to protect against
+  DNS rebinding attacks and to allow multiple domains to be served
+  from one IP address.</p>
 
   <pre>Host: example.com</pre>
 
   <p>The server includes the hostname in the <code title=http-sec-websocket-location><a href=#sec-websocket-location>Sec-WebSocket-Location</a></code>
   field of its handshake, so that both the client and the server can
   verify that they agree on which host is in use.</p>
 
-  <p>Second, the <code title=http-origin>Origin</code> field is
-  used to protect against unauthorized cross-origin use of a WebSocket
-  server by scripts using the <code><a href=#websocket>WebSocket</a></code> API in a Web
+  <p>The <code title=http-origin>Origin</code> field is used to
+  protect against unauthorized cross-origin use of a WebSocket server
+  by scripts using the <code><a href=#websocket>WebSocket</a></code> API in a Web
   browser. The server specifies which origin it is willing to receive
   requests from by including a <code title=http-sec-websocket-origin><a href=#sec-websocket-origin>Sec-WebSocket-Origin</a></code> field
   with that origin. If multiple origins are authorized, the server

source

@@ -75871,6 +75871,9 @@ Frame type byte <--------------------------------------.
 Upgrade: WebSocket
 Connection: Upgrade</pre>
 
+  <p>Fields in the handshake are sent by the client in a random order;
+  the order is not meaningful.</p>
+
   <p>Additional fields are used to select options in the WebSocket
   protocol. The only option available in this version is the
   subprotocol selector, <code
@@ -75883,10 +75886,10 @@ Connection: Upgrade</pre>
   intends to use. The server echoes this field in its handshake to
   indicate that it supports that subprotocol.</p>
 
-  <p>The remainder of the handshake is all security-related. First,
-  the <code title="http-host">Host</code> field is used to protect
-  against DNS rebinding attacks and to allow multiple domains to be
-  served from one IP address.</p>
+  <p>The other fields in the handshake is all security-related.  The
+  <code title="http-host">Host</code> field is used to protect against
+  DNS rebinding attacks and to allow multiple domains to be served
+  from one IP address.</p>
 
   <pre>Host: example.com</pre>
 
@@ -75895,9 +75898,9 @@ Connection: Upgrade</pre>
   field of its handshake, so that both the client and the server can
   verify that they agree on which host is in use.</p>
 
-  <p>Second, the <code title="http-origin">Origin</code> field is
-  used to protect against unauthorized cross-origin use of a WebSocket
-  server by scripts using the <code>WebSocket</code> API in a Web
+  <p>The <code title="http-origin">Origin</code> field is used to
+  protect against unauthorized cross-origin use of a WebSocket server
+  by scripts using the <code>WebSocket</code> API in a Web
   browser. The server specifies which origin it is willing to receive
   requests from by including a <code
   title="http-sec-websocket-origin">Sec-WebSocket-Origin</code> field