search

vi / websocat

Command-line client for WebSockets, like netcat (or curl) for ws:// with advanced socat-like functions
MIT License
7.17k stars 278 forks source link

websocat server doesn't reply with Sec-WebSocket-Protocol #34

Open therealprof opened 5 years ago

therealprof commented 5 years ago

As per RFC 6455, if the client includes a Sec-WebSocket-Protocol header, the server must pick one of the available protocols and send back a Sec-WebSocket-Protocol header with the selection made. If it does not send back a Sec-WebSocket-Protocol the client must assume the connection to have failed.

However, (in simple server mode) websocat neither sends back the header by itself nor does the --protocol switch seem to work for some reason.

vi commented 5 years ago

Missing Sec-WebSocket-Protocol in replies when --protocol is specified is to be fixed.

What do you suggest do to if --protocol is not specified?

Options:

Also what do you suggest to do it --protocol is specified, but client failed to specify a protocol or specified different protocol? Just show a warning?

therealprof commented 5 years ago

If no --protocol is specified but the client contains the header my idea would be to:

If --protocol is specified but does not match any of the protocols in the header(s) sent by the client, the RFC is very clear that no Sec-WebSocket-Protocol may be sent back. In this case the client MUST close the connection.

If the client does not specify a Sec-WebSocket-Protocol also no Sec-WebSocket-Protocol may be sent back but in that case the client will continue communication. My preference would be to issue a warning to the user.

vi commented 5 years ago

Addressed this in new release v1.4.0. Now there is --server-protocol for explicitly specifying reply protocol. Also it chooses the first from the list even when --server-protocol is not specified.