NEW 271122
WebSocket must not be established when subprotocol is not selected by the server 
https://bugs.webkit.org/show_bug.cgi?id=271122
Summary WebSocket must not be established when subprotocol is not selected by the server
Ahmad Saleem
Reported 2024-03-17 01:02:35 PDT
Hi Team, While going through Blink's commit, I came across one from @yusuke and noticed that we have merged this or tackle this: Blink Commit: https://src.chromium.org/viewvc/blink?view=revision&revision=155603 WebKit Source: https://searchfox.org/wubkat/rev/c7c814d5a000eb37da1d6bd0e4e634f9fc85887e/Source/WebCore/Modules/websockets/WebSocketHandshake.cpp#532 ^ Bit below but from here, it starts and below compiles: } else if (!m_clientProtocol.isEmpty()) { m_failureReason = "Error during WebSocket handshake: Sec-WebSocket-Protocol mismatch"_s; return false; } __ Unfortunately, testing `http` tests is not something I know on how to do locally. So just raising to get input. Thanks!
Attachments
Add attachment proposed patch, testcase, etc.
Ahmad Saleem
Comment 1 2024-03-17 01:07:29 PDT
Only relevant link in spec, I can find: https://websockets.spec.whatwg.org//#websocket-opening-handshake Step 11 (Bullet 2) mentions `subprotocol`: Fetch request with useParallelQueue set to true, and processResponse given response being these steps: If response is a network error or its status is not 101, fail the WebSocket connection. If protocols is not the empty list and extracting header list values given `Sec-WebSocket-Protocol` and response’s header list results in null, failure, or the empty byte sequence, then fail the WebSocket connection. This is different from the check on this header defined by The WebSocket Protocol. That only covers a subprotocol not requested by the client. This covers a subprotocol requested by the client, but not acknowledged by the server. Follow the requirements stated step 2 to step 6, inclusive, of the last set of steps in section 4.1 of The WebSocket Protocol to validate response. This either results in fail the WebSocket connection or the WebSocket connection is established.
Alexey Proskuryakov
Comment 2 2024-03-18 18:57:18 PDT
This wouldn't affect Apple platforms, as WebSocket is implemented in underlying system frameworks for us.
Ahmad Saleem
Comment 3 2024-03-18 18:58:35 PDT
@Michael, @Fuji and @Don - does it impact other ports? Or useful?
Michael Catanzaro
Comment 4 2024-03-19 11:12:13 PDT
Carlos Garcia would know. (Of course WebSocket is implemented by the system -- for WPE/GTK it's implemented in libsoup -- but there's a bunch of WebKit-level goo on top as well.)
Note You need to log in before you can comment on or make changes to this bug.