google-code-export / jwebsocket

Automatically exported from code.google.com/p/jwebsocket
1 stars 3 forks source link

Client handshake assumes protocol is http #181

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

1. Call open("wss.example.com:9797").
2. The generated client handshake contains: Sec-WebSocket-Origin: 
http://example.com.

What is the expected output? What do you see instead?

Origin: https://example.com:9797

It looks like Sec-WebSocket-Origin should be Origin [1], and the origin should 
include the scheme, host and port [2].

Without scheme and port, more restrictive domain filters such as the following 
are not possible.

<domain>https://example.com:9797</domain>

[1] http://tools.ietf.org/html/rfc6455#section-1.3
[2] http://tools.ietf.org/html/draft-ietf-websec-origin-05#section-3.2

What version of the product are you using? On what operating system?

1.0-nb20507
Debian GNU/Linux sid.

Original issue reported on code.google.com by jamiefo...@gmail.com on 21 May 2012 at 6:53

Attachments:

GoogleCodeExporter commented 9 years ago
Thanks a lot for the valuable patch!
Submitted today with change r1885.
Best Regards,
Alex

Original comment by fivefeetfurther@gmail.com on 10 Jan 2014 at 1:56