Comments (6)
You didn't specify a subprotocol in your request from the client, but you are accepting the connection with a subprotocol on the server. Your client code should request the same subprotocol that you are specifying when you accept the request on the server:
Client:
new WebSocket('ws://127.0.0.1:8080/', 'your-protocol-here');
Server:
wsServer.on('request', function(request) {
var connection = request.accept('your-protocol-here', request.origin);
// More code here...
}
from websocket-node.
Oh, you're totally right. That works, thanks! However, clients should still not be able to crash the server, should they?
from websocket-node.
It's more that a coding error on the server caused the crash. Throwing an
error there is intentional, meant to get your attention that you missed
something in your code. It's the server's responsibility to verify that
the client requested a subprotocol that the server knows how to speak. If
you skip that verification step, you're asking for trouble. The example
code I posted is actually too lazy. You should be looping over the
contents of request.requestedProtocols to make sure that the client
requested a protocol that you want to establish a connection for.
According to the WebSocket specification, the client can request multiple
subprotocols, and the server can accept the connection with one of them, or
no subprotocol specified. That allows the client to request a number of
different protocols, for example, "my-great-protocol" and
"my-even-better-protocol", and let the server choose the best protocol that
it knows how to speak. The server also has the option of not specifying a
protocol when accepting the connection: pass null for the protocol when
calling request.accept().
Trying to accept the connection with a protocol that the client didn't
request in the first place is an error condition.
Brian
On Fri, Jan 11, 2013 at 1:17 AM, Philipp Hagemeister <
[email protected]> wrote:
Oh, you're totally right. That works, thanks! However, clients should
still not be able to crash the server, should they?—
Reply to this email directly or view it on GitHubhttps://github.com//issues/76#issuecomment-12136781.
Brian McKelvey
C.E.O & Co-Founder
Worlize Inc.
www.worlize.com
from websocket-node.
So I guess the question then becomes what would be better example code. Maybe leave out the subprotocol in the accept
call, or catch the exception and abort properly?
from websocket-node.
I used to catch exceptions but realised it's the completely wrong way to do it. Just manually check the subprotocol, and then only run accept
if it was correct.
from websocket-node.
@theturtle32 Tx man you saved so much time of ours
from websocket-node.
Related Issues (20)
- The NPM package is not a place for politics HOT 1
- The NPM package is not a place for politics HOT 2
- Get URL Parameters HOT 1
- Ssl using cloudflare
- Send bytes query
- broadcast
- How to connect to multiple WebSockets? HOT 1
- install of websocket and immediatly disapear
- How Can we get Connection URL from w3cwebsocket to webSocket.Server Connection
- Similar to emit socket.io HOT 1
- send to all connected clients HOT 2
- Getting vulnerable issue [email protected]
- Need more docs on the usage of client
- Unable to connect with auth info in url and special characters HOT 1
- connection.on('message', ...) - where this event is emitted ? HOT 1
- This pkg appears abandoned. I recommend switching to "ws", it's a very similar implementation HOT 4
- Malware dependency
- Update UTF-8 Validation Code
- Request to Upgrade es5-ext Dependency to Resolve Veracode Vulnerability HOT 5
- websocket doesn't work under bun HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from websocket-node.