JSteunou / webstomp-client

Stomp client over websocket for browsers
Apache License 2.0

Mismatch Between Sec-WebSocket-Protocol & accept-version #66

Closed dansiviter closed 6 years ago

dansiviter commented 6 years ago

It's possible for the headers to state:

GET ws://myhost:8080/websocket HTTP/1.1
Host: myhost:8080
Connection: Upgrade
...
Sec-WebSocket-Protocol: v11.stomp, v12.stomp  // <-- only v1.1 and v1.2

But the CONNECT frame to state:

CONNECT
accept-version:1.2,1.1,1.0   // <-- Are we able to accept 1.0?

IMO, I don't think it's valid to declare the STOMP protocol on the Sec-WebSocket-Protocol header and then disregard it in the accept-version.

Issue found in v1.2.0.

JSteunou commented 6 years ago

Thanks, I will look into it.

JSteunou commented 6 years ago

Indeed, if you enforce protocols with specific versions, those are not used to compute the STOMP accept-version in the CONNECT frame.

Not sure if this could have some negative impact, though.

JSteunou commented 6 years ago

Fixed in https://github.com/JSteunou/webstomp-client/releases/tag/1.2.2
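
The consistency the issue asks for, as an added example that is not webstomp-client's code and not the change shipped in the release linked above: the accept-version value is derived from the Sec-WebSocket-Protocol list, and a separate check reports versions a CONNECT frame advertises that the handshake never offered. All function names are hypothetical; the sample header values are the ones quoted in the issue.

```javascript
// Added example; helper names are hypothetical, not webstomp-client's API.
const parseList = (v) => String(v || '').split(',').map((s) => s.trim()).filter(Boolean);

// "v12.stomp" -> "1.2"; returns null for tokens that are not STOMP subprotocols.
function stompVersionFromSubprotocol(token) {
  const m = /^v(\d)(\d)\.stomp$/.exec(token);
  return m ? `${m[1]}.${m[2]}` : null;
}

// Build the accept-version value from the offered subprotocols only,
// de-duplicated and ordered highest version first.
function acceptVersionFor(secWebSocketProtocol) {
  const versions = parseList(secWebSocketProtocol)
    .map(stompVersionFromSubprotocol)
    .filter((v) => v !== null);
  const byVersionDesc = (a, b) => {
    const [aMajor, aMinor] = a.split('.').map(Number);
    const [bMajor, bMinor] = b.split('.').map(Number);
    return bMajor - aMajor || bMinor - aMinor;
  };
  return [...new Set(versions)].sort(byVersionDesc).join(',');
}

// Versions present in accept-version but absent from the handshake offer.
// If the handshake named no STOMP subprotocol there is nothing to contradict,
// so the result is empty in that case.
function unofferedVersions(secWebSocketProtocol, acceptVersion) {
  const offered = new Set(parseList(acceptVersionFor(secWebSocketProtocol)));
  if (offered.size === 0) return [];
  return parseList(acceptVersion).filter((v) => !offered.has(v));
}

// Header values as quoted in the issue.
const offeredHeader = 'v11.stomp, v12.stomp';
const connectAcceptVersion = '1.2,1.1,1.0';

console.log('accept-version derived from handshake:', acceptVersionFor(offeredHeader));
console.log('advertised but never offered:', unofferedVersions(offeredHeader, connectAcceptVersion));
```
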