Summary: | websockets handshaking broken for responses that omit status text / reason | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Joey Korkames <joey> | ||||||
Component: | WebCore Misc. | Assignee: | Nobody <webkit-unassigned> | ||||||
Status: | RESOLVED CONFIGURATION CHANGED | ||||||||
Severity: | Normal | CC: | achristensen, webkit-bug-importer, youennf | ||||||
Priority: | P2 | Keywords: | InRadar | ||||||
Version: | Safari 12 | ||||||||
Hardware: | Mac | ||||||||
OS: | macOS 10.14 | ||||||||
See Also: | https://bugs.webkit.org/show_bug.cgi?id=198568 | ||||||||
Attachments: |
|
Description
Joey Korkames
2019-09-22 20:11:22 PDT
Created attachment 379353 [details]
inspector preview shows no parsed response
autobahn.py's WS testsuite* seems to agree with Chrome & FF handshake impls, but not webkit's: # Response Line # sl = self.http_status_line.split() if len(sl) < 2: return self.failHandshake("Bad HTTP response status line '%s'" % self.http_status_line) In [1]: len("HTTP/1.1 101".split()) Out[1]: 2 1: https://github.com/crossbario/autobahn-python/blob/f0d15f02735429e3f92ea56502b79b33acc65882/autobahn/websocket/protocol.py#L3674) Its tyranny of the majority (of UAs), including Safari, if its using NSURLSession & I'm following it accurately: https://opensource.apple.com/source/CFNetwork/CFNetwork-129.20/HTTP/CFHTTPStream.c.auto.html httpReceiveResponse is just checking it got all the bytes it can get nextActionForHeaders() calls CFHTTPMessageGetResponseStatusCode(CFMessageRef headers)... https://opensource.apple.com/source/CFNetwork/CFNetwork-129.20/HTTP/CFHTTPMessage.c.auto.html looks for the .flags[status] that *_extractResponseStatusLine got when initializing the CFHTTPMessage (after _parseHeadersFromData was fired on the last append of message's bytes) *_extractResponseStatusLine(...) seems to parse for just the code numbers Very hard to follow! But this is borne out when trying to browse this server in Safari. it's inspector says: "Failed to load resource: the server responded with a status of 400 () -- https://web.voice.telephony.goog/favicon.ico" showing CFNetwork does tolerate the truncated status line. I suppose there's already a task open to convert webcore:websockets to NSURLSession or CFURLConnection? The site in the initial report has fixed their status line to be HTTP1.1 conformant. I don't have another candidate to test against. FWIW, WebKit Cocoa port is working on using NSURLSession WebSocket code path which seem to treat 'HTTP/1.1 101\r\n' as valid. Tested by modifying web socket python scripts like LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-no-upgrade-header_wsh.py |