Closed aronson closed 1 month ago
I'm not at a computer right now so I can't check your code but according to the testnet logs you are not sending an origin header. This is required by InspIRCd as it used for checking whether the origin host is whitelisted (testnet allows all origins but this behaviour is not recommended for typical servers as it puts them at risk of bot attacks).
What origin header might a client send when it's not from a web browser? The hostname?
We indeed don't send an origin header. That must be the issue. Surprising the other two server implementations allow this. Is this documented somewhere?
Seems there is a problem, Node.js and Deno don't allow the user to modify the headers of the upgrade attempt.
I was unable to find a custom library that offers functionality to modify the Origin header while also allowing for subprotocol negotiation.
I suggest enabling behavior to allow this optional header to be optional when clients do not support it in the case where the allowed origins is set to "*". Otherwise a categorical class of clients will not be able to connect to your server implementation.
Adding special cases for some origins is problematic as we would then need to handle a bunch of extra cases that are effectively the same like https://*
. Whitelisting such origins is also massively discouraged as it exposes servers to spambot attacks (like this similar non-websocket attack).
Websocket support is intended for web applications (which aways send an origin header) controlled by the IRC network admins. If you're making a desktop application there is zero benefit for using websockets over normal sockets so you can just use them instead.
Deno also operates in the browser environment where it should send the origin header. You make a great point, servers aren't going to only provide a websocket endpoint without offering a TCP endpoint. If they do and it's an issue I think it's on the operator to support their clients.
I'm going to close this issue out as not valid. Thank you for explaining what's going on here and why my understanding was incorrect, I appreciate it 🙂
I've been thinking about this some more and I've decided that it doesn't hurt for us to support this as long as admins can opt-out of it.
Description
Hello, I wrote websocket protocol support for deno-irc, an IRC client library.
I found that InspIRCd does not negotiate the websocket connection attempt properly in the Node.js and Deno environments. It does work in browser environments, specifically tested with Google Chrome and Safari. We also tested against Ergo and UnrealIRCd.
Here is the wireshark output of a failed negotiation from the testnet InspIRCd server followed by an example successful connection from a local Ergo server.
The shape of the HTTP upgrade attempt sent by the framework looks as such:
The server returns a 400 bad request response and the connection fails.
This currently blocks InspIRCd websocket support in deno-irc. I have also tested against a build of the master branch.
Steps to reproduce the issue: Both Node.js and Deno can reproduce this issue as clients with a minimal example borrowed from this working browser IRC websocket client. I've provided instructions for both.
Node:
cd
into itnpm install
to install websocket modulenode test.js
to execute test script. Edit websocket URL string appropriately for local testingDeno:
test.ts
deno run -A test.ts
in the same directory. Edit websocket URL string appropriately for local testingDescribe the results you received: A 400 Bad Request response on a websocket upgrade attempt from two standard JS/TS runtimes.
Describe the results you expected: A 101 Switching Protocols response on a websocket upgrade attempt.
Additional information you deem important (e.g. issue happens only occasionally): EDIT: I uploaded files with my personal testing URLs by mistake originally and quickly fixed them to the testnet
ws://testnet.inspircd.org:8067
, apologies for any confusion.Output of
./bin/inspircd --version
:InspIRCd version: 4.0.0-82b5826d0