Comments (6)
I mean something like this:
func upgrade(conn net.Conn) error {
var negotiatedBinary bool
_, err := (ws.Upgrader{
OnBeforeUpgrade: func() (ws.HandshakeHeader, error) {
if !negotiatedBinary {
return nil, ws.RejectConnectionError(
ws.RejectionCode(403),
)
}
return
},
Protocol: func(p []byte) bool {
if bytes.Equal(p, []byte("binary2")) {
negotiatedBinary = true
return true
}
return false
},
}).Upgrade(conn)
return err
}
from ws.
Hi @navossoc,
From the RFC:
6. If the response includes a |Sec-WebSocket-Protocol| header field
and this header field indicates the use of a subprotocol that was
not present in the client's handshake (the server has indicated a
subprotocol not requested by the client), the client MUST Fail
the WebSocket Connection.
from ws.
In other words you can not “enforce” to use some subprotocol which client does not know. This mechanism is intended to make both sides of connection agreed on the subprotocol.
from ws.
Also, if your client knows how to deal with both binary and binary2 subprotocols, they could both passed as a comma separated list (ordered be preference) during handshake.
from ws.
Thanks for your answer, but I'm still not sure if this is totally accurate.
I know, if the client can't handle the subprotocol it can't be enforced, but at least the connection should not be completed.
For example, this websocket server:
wscat --connect wss://upp203a.ig.com/lightstreamer
(fail/403) (I meant this case, server expect a subprotocol, client didn't sent any)
wscat --connect wss://upp203a.ig.com/lightstreamer -s randomprotocol
(fail/403) (wrong subprotocol, ok, already handled by gobwas/ws)
wscat --connect wss://upp203a.ig.com/lightstreamer -s js.lightstreamer.com
(succeed/101)
You can check it here: https://www.ig.com/us
In this case, the client didn't sent a Sec-WebSocket-Protocol
as per RFC it MAY send it or not. So it is ok.
Now, the server only knows how to speak subprotocol js.lightstreamer.com
so it send back a 403.
That is what I was trying to achieve.
To be honest, I believe I didn't read in the RFC a case like this.
Do you know any other websocket servers that are using a subprotocol? I'll try to find more tomorrow for testing.
from ws.
It looks like OnBeforeUpgrade callback will work for you – negotiated subprotocol could be checked there and appropriate error may be returned.
from ws.
Related Issues (20)
- Question: client example
- EOF error on ws.Upgrade HOT 8
- Is it necessary to use sync.Pool to reuse Reader Object in readData? HOT 1
- Read and Write timeouts? HOT 5
- Handshake.Extentions pointing to a buffer already returned to pbufio.ReaderPool
- State of the package and security updates HOT 6
- Websocket error on Safari HOT 4
- Dialer's Header parameter doesn't work as intended HOT 6
- Is WriteServerMessage thread-safe? HOT 9
- json decoder or unmarshaler? HOT 2
- Client-side example? HOT 5
- readme example problem HOT 1
- Correct way to handle continuation frame? HOT 1
- ReadFrame maxs out at 4096 lengths HOT 11
- RSV1 set, FIN not set on control using wsutil HOT 1
- Question - add headers during the upgrade HOT 2
- message rate limiter HOT 1
- Client disconnects on its own due to the 1008 error and EOF error. HOT 8
- Any example for using this library with `gnet`? HOT 5
- I encountered a problem of automatic disconnection after 30 seconds HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ws.