sgowtham441 / pywebsocket

Automatically exported from code.google.com/p/pywebsocket
0 stars 0 forks source link

Vanilla Apache Auth handlers not supported #105

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Set an AuthType for a web socket path

What is the expected output? What do you see instead?
The authenticator should run before a web socket is opened. Instead, 
pywebsocket hijacks the connection before it gets a chance to run.

What version of the product are you using? On what operating system?
1.6b2

Please provide any additional information below.
I understand why this happens, but it's still a problem which prevents me from 
using pywebsocket for authed apps (since the data sent through web sockets is 
secret.) I'm looking into how I could fix this, but I have no experience with 
mod_python or pywebsocket. From looking through it shortly, it would seem that 
it can be fixed by having the PythonHeaderParserHandler not hijack the request, 
only mark it for later, then have a PythonRequestHandler that actually does the 
whole websocket-y thing. Is this possible?

Original issue reported on code.google.com by andreasblixt on 19 Jul 2011 at 2:41

GoogleCodeExporter commented 9 years ago
Okay, I got it working. The solution I have is not perfect, so I won't post a 
patch, but essentially I set a flag in the PythonHeaderParserHandler phase and 
moved the transfer_data call to the PythonHandler phase. I used "SetHandler 
mod_python" on the web socket location to enable the PythonHandler phase.

The only "problem" I can see is that the socket does open for an instant, but 
if the auth handler causes any redirect or error, the socket will die before 
any data can be sent.

Anyway, I hope this can be done in a more clean manner, I consider it to be a 
very essential thing to have when dealing with secure data over web sockets.

Original comment by andreasblixt on 19 Jul 2011 at 11:04