[t] (0) Allow server to specify cookie-related fields. (Editorial: Also, change the server-side rules to use <sub> like the client-side rules.)

git-svn-id: http://svn.whatwg.org/webapps@4828 340c8d12-0b0e-0410-8428-c7bf67bfef74
Hixie committed Mar 5, 2010
1 parent 6a16d6b commit 761b27b
Showing 2 changed files with 90 additions and 64 deletions.
72 changes: 41 additions & 31 deletions complete.html
Expand Up @@ -67613,7 +67613,7 @@ <h6 id=opening-handshake><span class=secno>10.3.4.1.3 </span>Opening handshake</
client's handshake to verify the correctness of the values.</p>

<p>Option fields can also be included. In this version of the
protocol, the only option field is <code title=http-sec-websocket-protocol><a href=#sec-websocket-protocol>Sec-WebSocket-Protocol</a></code>,
protocol, the main option field is <code title=http-sec-websocket-protocol><a href=#sec-websocket-protocol>Sec-WebSocket-Protocol</a></code>,
which indicates the subprotocol that the server speaks. Web browsers
verify that the server included the same value as was specified in
the <code><a href=#websocket>WebSocket</a></code> constructor, so a server that speaks
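Review bot: "the main option field" in the changed sentence leaves the set of permitted option fields undefined, so a reader can no longer tell which other fields a server may send in the handshake. Suggest naming the additions explicitly, for example "the option fields are Sec-WebSocket-Protocol and the cookie-related fields", or linking to the step in the server requirements that lists them.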
Expand All @@ -67622,6 +67622,9 @@ <h6 id=opening-handshake><span class=secno>10.3.4.1.3 </span>Opening handshake</

<pre>Sec-WebSocket-Protocol: chat</pre>

<p>The server can also set cookie-related option fields to
<em>set</em> cookies, as in HTTP.</p>

<p>After the fields, the server sends the aforementioned MD5 sum, a
16 byte (128 bit) value, shown here as if interpreted as ASCII:</p>

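Review bot: the added paragraph "The server can also set cookie-related option fields to set cookies, as in HTTP." uses "set" in two senses in one sentence and, unlike the Sec-WebSocket-Protocol paragraph above it, gives neither an example field nor a reference. Suggest wording such as "The server can also include cookie-related fields, such as Set-Cookie, to set cookies, as in HTTP", with a link to the [COOKIES] reference that the server requirements cite.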
Expand Down Expand Up @@ -69158,17 +69161,17 @@ <h6 id="sending-the-server's-opening-handshake"><span class=secno>10.3.4.4.2 </s
value. The empty string is not the same as the null value for
these purposes.</dd>

<dt><var title="">key1</var></dt>
<dt><var title="">key<sub title="">1</sub></var></dt>

<dd>The value of the "<code title=http-sec-websocket-key1><a href=#sec-websocket-key1-and-sec-websocket-key2>Sec-WebSocket-Key1</a></code>"
field in the client's handshake.</dd>

<dt><var title="">key2</var></dt>
<dt><var title="">key<sub title="">2</sub></var></dt>

<dd>The value of the "<code title=http-sec-websocket-key2><a href=#sec-websocket-key1-and-sec-websocket-key2>Sec-WebSocket-Key2</a></code>"
field in the client's handshake.</dd>

<dt><var title="">key3</var></dt>
<dt><var title="">key<sub title="">3</sub></var></dt>

<dd>The eight random bytes sent after the first 0x0D 0x0A 0x0D
0x0A sequence in the client's handshake.</dd>
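Review bot: the key1 to key<sub>1</sub> renames that start at these <dt> entries are editorial, yet they account for most of the 90 additions and 64 deletions, while the normative cookie change is a few short paragraphs spread between them. Suggest landing the <sub> rename as its own commit so the behavioural change to the handshake can be reviewed and, if needed, reverted on its own.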
Expand All @@ -69185,15 +69188,15 @@ <h6 id="sending-the-server's-opening-handshake"><span class=secno>10.3.4.4.2 </s

<li>

<p>Let <var title="">key1-number</var> be the digits (characters
<p>Let <var title="">key-number<sub title="">1</sub></var> be the digits (characters
in the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9)) in
<var title="">key1</var>, interpreted as a base ten integer,
ignoring all other characters in <var title="">key1</var>.</p>
<var title="">key<sub title="">1</sub></var>, interpreted as a base ten integer,
ignoring all other characters in <var title="">key<sub title="">1</sub></var>.</p>

<p>Let <var title="">key2-number</var> be the digits (characters
<p>Let <var title="">key-number<sub title="">2</sub></var> be the digits (characters
in the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9)) in
<var title="">key2</var>, interpreted as a base ten integer,
ignoring all other characters in <var title="">key2</var>.</p>
<var title="">key<sub title="">2</sub></var>, interpreted as a base ten integer,
ignoring all other characters in <var title="">key<sub title="">2</sub></var>.</p>

<div class=example>

Expand All @@ -69209,11 +69212,11 @@ <h6 id="sending-the-server's-opening-handshake"><span class=secno>10.3.4.4.2 </s

WjN}|M(6</pre>

<p>The <var title="">key1-number</var> would be the number
3,626,341,780, and the <var title="">key2-number</var> would be
<p>The <var title="">key-number<sub title="">1</sub></var> would be the number
3,626,341,780, and the <var title="">key-number<sub title="">2</sub></var> would be
the number 1,799,227,390.</p>

<p>In this example, incidentally, <var title="">key3</var> is
<p>In this example, incidentally, <var title="">key<sub title="">3</sub></var> is
"WjN}|M(6", or 0x57 0x6A 0x4E 0x7D 0x7C 0x4D 0x28 0x36.</p>

</div>
Expand All @@ -69222,29 +69225,29 @@ <h6 id="sending-the-server's-opening-handshake"><span class=secno>10.3.4.4.2 </s

<li>

<p>Let <var title="">spaces1</var> be the number of U+0020 SPACE
characters in <var title="">key1</var>.</p>
<p>Let <var title="">spaces<sub title="">1</sub></var> be the number of U+0020 SPACE
characters in <var title="">key<sub title="">1</sub></var>.</p>

<p>Let <var title="">spaces2</var> be the number of U+0020 SPACE
characters in <var title="">key2</var>.</p>
<p>Let <var title="">spaces<sub title="">2</sub></var> be the number of U+0020 SPACE
characters in <var title="">key<sub title="">2</sub></var>.</p>

<p>If either <var title="">spaces1</var> or <var title="">spaces2</var> is zero, then <a href=#abort-the-websocket-connection>abort the WebSocket
<p>If either <var title="">spaces<sub title="">1</sub></var> or <var title="">spaces<sub title="">2</sub></var> is zero, then <a href=#abort-the-websocket-connection>abort the WebSocket
connection</a>. This is a symptom of a cross-protocol
attack.</p>

<p class=example>In the example above, <var title="">spaces1</var> would be 4 and <var title="">spaces2</var>
<p class=example>In the example above, <var title="">spaces<sub title="">1</sub></var> would be 4 and <var title="">spaces<sub title="">2</sub></var>
would be 10.</p>

</li>

<li>

<p>If <var title="">key1-number</var> is not an integral multiple
of <var title="">spaces1</var>, then <a href=#abort-the-websocket-connection>abort the WebSocket
<p>If <var title="">key-number<sub title="">1</sub></var> is not an integral multiple
of <var title="">spaces<sub title="">1</sub></var>, then <a href=#abort-the-websocket-connection>abort the WebSocket
connection</a>.</p>

<p>If <var title="">key2-number</var> is not an integral multiple
of <var title="">spaces2</var>, then <a href=#abort-the-websocket-connection>abort the WebSocket
<p>If <var title="">key-number<sub title="">2</sub></var> is not an integral multiple
of <var title="">spaces<sub title="">2</sub></var>, then <a href=#abort-the-websocket-connection>abort the WebSocket
connection</a>.</p>

<p class=note>This can only happen if the client is not a
Expand All @@ -69254,21 +69257,21 @@ <h6 id="sending-the-server's-opening-handshake"><span class=secno>10.3.4.4.2 </s

<li>

<p>Let <var title="">part1</var> be <var title="">key1-number</var> divided by <var title="">spaces1</var>.</p>
<p>Let <var title="">part<sub title="">1</sub></var> be <var title="">key-number<sub title="">1</sub></var> divided by <var title="">spaces<sub title="">1</sub></var>.</p>

<p>Let <var title="">part2</var> be <var title="">key2-number</var> divided by <var title="">spaces2</var>.</p>
<p>Let <var title="">part<sub title="">2</sub></var> be <var title="">key-number<sub title="">2</sub></var> divided by <var title="">spaces<sub title="">2</sub></var>.</p>

<p class=example>In the example above, <var title="">part1</var>
would be 906,585,445 and <var title="">part2</var> would be
<p class=example>In the example above, <var title="">part<sub title="">1</sub></var>
would be 906,585,445 and <var title="">part<sub title="">2</sub></var> would be
179,922,739.</p>

</li>

<li>

<p>Let <var title="">challenge</var> be the concatenation of <var title="">part1</var>, expressed as a big-endian 32 bit integer,
<var title="">part2</var>, expressed as a big-endian 32 bit
integer, and the eight bytes of <var title="">key3</var> in the
<p>Let <var title="">challenge</var> be the concatenation of <var title="">part<sub title="">1</sub></var>, expressed as a big-endian 32 bit integer,
<var title="">part<sub title="">2</sub></var>, expressed as a big-endian 32 bit
integer, and the eight bytes of <var title="">key<sub title="">3</sub></var> in the
order they were sent on the wire.</p>

<!--
Expand Down Expand Up @@ -69347,7 +69350,14 @@ <h6 id="sending-the-server's-opening-handshake"><span class=secno>10.3.4.4.2 </s

</dd>

</dl></li>
</dl><p>Optionally, include "<code title=http-setcookie>Set-Cookie</code>", "<code title=http-setcookie2>Set-Cookie2</code>", or other
cookie-related fields, with values equal to the values that would
be used for the identically named HTTP headers.
<a href=#refsCOOKIES>[COOKIES]</a>

</p>

</li>

<li>

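Review bot: "or other cookie-related fields" in the added paragraph is open-ended, so neither a server author nor a client implementer can tell which field names are covered beyond Set-Cookie and Set-Cookie2. Suggest enumerating the permitted field names, or defining "cookie-related" by reference to [COOKIES], so that both ends of the handshake agree on which fields are processed.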
82 changes: 49 additions & 33 deletions source
Expand Up @@ -75998,7 +75998,7 @@ Sec-WebSocket-Location: ws://example.com/demo</pre>
client's handshake to verify the correctness of the values.</p>

<p>Option fields can also be included. In this version of the
protocol, the only option field is <code
protocol, the main option field is <code
title="http-sec-websocket-protocol">Sec-WebSocket-Protocol</code>,
which indicates the subprotocol that the server speaks. Web browsers
verify that the server included the same value as was specified in
Expand All @@ -76008,6 +76008,9 @@ Sec-WebSocket-Location: ws://example.com/demo</pre>

<pre>Sec-WebSocket-Protocol: chat</pre>

<p>The server can also set cookie-related option fields to
<em>set</em> cookies, as in HTTP.</p>

<p>After the fields, the server sends the aforementioned MD5 sum, a
16 byte (128 bit) value, shown here as if interpreted as ASCII:</p>

Expand Down Expand Up @@ -77763,19 +77766,19 @@ multi-origin semantics described in [ORIGIN] applying. (http-origin)
value. The empty string is not the same as the null value for
these purposes.</dd>

<dt><var title="">key1</var></dt>
<dt><var title="">key<sub title="">1</sub></var></dt>

<dd>The value of the "<code
title="http-sec-websocket-key1">Sec-WebSocket-Key1</code>"
field in the client's handshake.</dd>

<dt><var title="">key2</var></dt>
<dt><var title="">key<sub title="">2</sub></var></dt>

<dd>The value of the "<code
title="http-sec-websocket-key2">Sec-WebSocket-Key2</code>"
field in the client's handshake.</dd>

<dt><var title="">key3</var></dt>
<dt><var title="">key<sub title="">3</sub></var></dt>

<dd>The eight random bytes sent after the first 0x0D 0x0A 0x0D
0x0A sequence in the client's handshake.</dd>
Expand All @@ -77796,15 +77799,15 @@ multi-origin semantics described in [ORIGIN] applying. (http-origin)

<li>

<p>Let <var title="">key1-number</var> be the digits (characters
<p>Let <var title="">key-number<sub title="">1</sub></var> be the digits (characters
in the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9)) in
<var title="">key1</var>, interpreted as a base ten integer,
ignoring all other characters in <var title="">key1</var>.</p>
<var title="">key<sub title="">1</sub></var>, interpreted as a base ten integer,
ignoring all other characters in <var title="">key<sub title="">1</sub></var>.</p>

<p>Let <var title="">key2-number</var> be the digits (characters
<p>Let <var title="">key-number<sub title="">2</sub></var> be the digits (characters
in the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9)) in
<var title="">key2</var>, interpreted as a base ten integer,
ignoring all other characters in <var title="">key2</var>.</p>
<var title="">key<sub title="">2</sub></var>, interpreted as a base ten integer,
ignoring all other characters in <var title="">key<sub title="">2</sub></var>.</p>

<div class="example">

Expand All @@ -77820,11 +77823,11 @@ Sec-WebSocket-Key2: 17&nbsp;&nbsp;9&nbsp;G`ZD9&nbsp;&nbsp;&nbsp;2&nbsp;2b&nbsp;7

WjN}|M(6</pre>

<p>The <var title="">key1-number</var> would be the number
3,626,341,780, and the <var title="">key2-number</var> would be
<p>The <var title="">key-number<sub title="">1</sub></var> would be the number
3,626,341,780, and the <var title="">key-number<sub title="">2</sub></var> would be
the number 1,799,227,390.</p>

<p>In this example, incidentally, <var title="">key3</var> is
<p>In this example, incidentally, <var title="">key<sub title="">3</sub></var> is
"WjN}|M(6", or 0x57 0x6A 0x4E 0x7D 0x7C 0x4D 0x28 0x36.</p>

</div>
Expand All @@ -77833,31 +77836,31 @@ WjN}|M(6</pre>

<li>

<p>Let <var title="">spaces1</var> be the number of U+0020 SPACE
characters in <var title="">key1</var>.</p>
<p>Let <var title="">spaces<sub title="">1</sub></var> be the number of U+0020 SPACE
characters in <var title="">key<sub title="">1</sub></var>.</p>

<p>Let <var title="">spaces2</var> be the number of U+0020 SPACE
characters in <var title="">key2</var>.</p>
<p>Let <var title="">spaces<sub title="">2</sub></var> be the number of U+0020 SPACE
characters in <var title="">key<sub title="">2</sub></var>.</p>

<p>If either <var title="">spaces1</var> or <var
title="">spaces2</var> is zero, then <span>abort the WebSocket
<p>If either <var title="">spaces<sub title="">1</sub></var> or <var
title="">spaces<sub title="">2</sub></var> is zero, then <span>abort the WebSocket
connection</span>. This is a symptom of a cross-protocol
attack.</p>

<p class="example">In the example above, <var
title="">spaces1</var> would be 4 and <var title="">spaces2</var>
title="">spaces<sub title="">1</sub></var> would be 4 and <var title="">spaces<sub title="">2</sub></var>
would be 10.</p>

</li>

<li>

<p>If <var title="">key1-number</var> is not an integral multiple
of <var title="">spaces1</var>, then <span>abort the WebSocket
<p>If <var title="">key-number<sub title="">1</sub></var> is not an integral multiple
of <var title="">spaces<sub title="">1</sub></var>, then <span>abort the WebSocket
connection</span>.</p>

<p>If <var title="">key2-number</var> is not an integral multiple
of <var title="">spaces2</var>, then <span>abort the WebSocket
<p>If <var title="">key-number<sub title="">2</sub></var> is not an integral multiple
of <var title="">spaces<sub title="">2</sub></var>, then <span>abort the WebSocket
connection</span>.</p>

<p class="note">This can only happen if the client is not a
Expand All @@ -77867,24 +77870,24 @@ WjN}|M(6</pre>

<li>

<p>Let <var title="">part1</var> be <var
title="">key1-number</var> divided by <var title="">spaces1</var>.</p>
<p>Let <var title="">part<sub title="">1</sub></var> be <var
title="">key-number<sub title="">1</sub></var> divided by <var title="">spaces<sub title="">1</sub></var>.</p>

<p>Let <var title="">part2</var> be <var
title="">key2-number</var> divided by <var title="">spaces2</var>.</p>
<p>Let <var title="">part<sub title="">2</sub></var> be <var
title="">key-number<sub title="">2</sub></var> divided by <var title="">spaces<sub title="">2</sub></var>.</p>

<p class="example">In the example above, <var title="">part1</var>
would be 906,585,445 and <var title="">part2</var> would be
<p class="example">In the example above, <var title="">part<sub title="">1</sub></var>
would be 906,585,445 and <var title="">part<sub title="">2</sub></var> would be
179,922,739.</p>

</li>

<li>

<p>Let <var title="">challenge</var> be the concatenation of <var
title="">part1</var>, expressed as a big-endian 32 bit integer,
<var title="">part2</var>, expressed as a big-endian 32 bit
integer, and the eight bytes of <var title="">key3</var> in the
title="">part<sub title="">1</sub></var>, expressed as a big-endian 32 bit integer,
<var title="">part<sub title="">2</sub></var>, expressed as a big-endian 32 bit
integer, and the eight bytes of <var title="">key<sub title="">3</sub></var> in the
order they were sent on the wire.</p>

<!--
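Review bot: nothing in the visible steps bounds part<sub>1</sub> and part<sub>2</sub> before the challenge step expresses each "as a big-endian 32 bit integer"; key-number<sub>1</sub> and key-number<sub>2</sub> are built from however many digits the client sent, so a non-conforming handshake can produce a quotient that does not fit in 32 bits. Suggest an explicit step that aborts the WebSocket connection when either part exceeds 4,294,967,295, or a note stating what encoding is intended in that case.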
Expand Down Expand Up @@ -77970,6 +77973,19 @@ WjN}|M(6</pre>

</dl>

<p>Optionally, include "<code
title="http-setcookie">Set-Cookie</code>", "<code
title="http-setcookie2">Set-Cookie2</code>", or other
cookie-related fields, with values equal to the values that would
be used for the identically named HTTP headers.
<!--END complete-->
<a href="#refsRFC2109">[RFC2109]</a>
<a href="#refsRFC2965">[RFC2965]</a>
<!--START complete--><!--END websocket-protocol-->
<a href="#refsCOOKIES">[COOKIES]</a>
<!--START websocket-protocol-->
</p>

</li>

<li>
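Review bot: the reference list in the added paragraph is split by the END/START build markers so that the complete output cites only [COOKIES] while the websocket-protocol output cites [RFC2109] and [RFC2965], and no comment explains the difference. Readers of the two outputs are pointed at different documents for "the values that would be used for the identically named HTTP headers"; suggest either citing the same set in both or adding a source comment that says why they differ.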