Open Axel13fr opened 4 years ago
Oh, ok, I see. Yeah, to make websocket origin of exotic values like this work in general, I guess we need to expand
which is called from here during the websocket opening handshake to parse the origin:
Actually, the relevant spec is https://tools.ietf.org/html/rfc6454 which is referred in RFC6455. That spec also draws a distinction between the sec-websocket-origin
http header which has an URL value, and the websocket origin computed from the URL using the algorithm described here https://tools.ietf.org/html/rfc6454#section-4
One Q: does QtWebEngine really retun "qrc://"
or eg "qrc://somefile.html"
including whatever resourcename / filename the page is actually loaded from or rendered for?
Thanks for your quick response, the QtWebEngine doesn't add any file name or ressource name, it only gives "qrc://" as the origin.
Here is the complete WS Upgrade request:
GET ws://127.0.0.1:9090/ HTTP/1.1 Host: 127.0.0.1:9090 Connection: Upgrade Pragma: no-cache Cache-Control: no-cache Upgrade: websocket Origin: qrc:// Sec-WebSocket-Version: 13 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) QtWebEngine/5.9.5 Chrome/56.0.2924.122 Safari/537.36 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Key: Rwj3a5FcsXdDygUHa1jo5w== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
^ thanks for the info! that is useful, as it means: we might want a node config knob to configure the mapping of the URL provided as Origin
to a websocket origin (a server-side context in which the websocket client connection is allowed and lives)
btw, Qt in general still seems to lack a bit rgd websocket standard compliance, eg websocket subprotocol handling https://bugreports.qt.io/browse/QTBUG-38742
the latter is relevant for WAMP, which uses wamp
as identifier (https://www.iana.org/assignments/websocket/websocket.xml) ..
luckily, we have already have an _url_to_origin()
abstraction internally:
so all we need is to (enable) map of qrc://
to eg ('qrc', 'nohost', None)
..
we also already have a proper _is_same_origin()
abstraction, which we can extend similarily
Cheers for the info, I'll try to work on it in the following weeks
Hi,
I'm embedding my webpage inside a QWebEngine (https://doc.qt.io/qt-5/qtwebengine-overview.html). This Webengine access local files via qrc:// instead of file:// for Chrome.
The problem is, the _url_to_origin(url) function does handle the Chrome or Firefox case but not the QWebengine page and I have no way to change the origin in my webengine so my websocket connections fail (('HTTP Origin header invalid: No host part in Origin 'qrc://'').
Adding this to _url_to_origin() will handle the case: if scheme == 'qrc':
when browsing local files, QtWebEngine sends qrc:// URLs