On Wed, 15 Jul 2009, Amos Jeffries wrote:
> >
> > Could you elaborate on what bytes Squid thinks it should change in the
> > WebSocket handshake?
>
> Byte 5 through to the first of: two CRLF or one NULL byte. Specified as
> step 1 through 11 by the looks of it.
>
> Correctly operating:
> * MUST remove the "Upgrade: WebSocket\r\n" bytes.
> [...]
This would cause the WebSocket connection to fail, which is the correct
behaviour. After all, if the connection isn't upgraded, we don't want
anything further to happen (in particular we don't want the client sending
arbitrary bytes to the server or proxy, since that would open up the proxy
to being abused to download content from any arbitrary server including
intranet servers or other domains on shared-hosting servers).
So loosening up the handshake wouldn't solve the problem described
previously of Squid breaking an HTTP Upgrade to WebSocket in the case of a
client behind a firewall that only allows port 80 and where all traffic
through that port goes through a man-in-the-middle proxy.
What solution would you recommend for such a case?
-- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'Received on Wed Jul 15 2009 - 07:42:49 MDT
This archive was generated by hypermail 2.2.0 : Wed Jul 15 2009 - 12:00:05 MDT