[m6w6/m6w6.github.io] / _posts / 2010-05-10-websockets-handshake-non-http-conforming.md
---
title: WebSockets Handshake non HTTP conforming?
author: m6w6
tags:
- WTF
- PHP
- WEB
---

While skimming through the new [HTML5 WebSocket draft](http://dev.w3.org/html5/websockets/),
I noticed the following exemplar HTTP message demonstrating the client message of a WebSocket handshake:

```http
GET /demo HTTP/1.1
Host: example.com
Connection: Upgrade
Sec-WebSocket-Key2: 12998 5 Y3 1 .P00
Sec-WebSocket-Protocol: sample
Upgrade: WebSocket
Sec-WebSocket-Key1: 4 @1 46546xW%0l 1 5
Origin: http://example.com

^n:ds[4U
```

To me this looks non-conforming to the [HTTP
spec](http://www.w3.org/Protocols/rfc2616/rfc2616.html) due to the lack of an
indicator that the request contains a message body.

Quoting [the 4th paragraph of section 4.3 of
RFC2616](http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.3):

> The **presence of a message-body** in a request **is signaled** by the
inclusion of a **Content-Length or Transfer-Encoding header** field in the
request's message-headers. A message-body MUST NOT be included in a request if
the specification of the request method (section 5.1.1) does not allow sending
an entity-body in requests. A server SHOULD read and forward a message-body on
any request; if the request method does not include defined semantics for an
entity-body, then the message-body SHOULD be ignored when handling the
request.

Huh?
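
The framing rule from the quoted paragraph, as an added example that is not part of the original post: a minimal request framer (the name `frame_request` is hypothetical) run over the handshake above, with header values copied as they appear on this page. It assumes CRLF line endings, handles `Content-Length` only, and compares the drafted request with a constructed variant that signals its body.

```python
# Added example: RFC 2616 section 4.3 request framing (names are hypothetical).
# Header values are copied as they appear on this page.
HANDSHAKE = (
    b"GET /demo HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"Connection: Upgrade\r\n"
    b"Sec-WebSocket-Key2: 12998 5 Y3 1 .P00\r\n"
    b"Sec-WebSocket-Protocol: sample\r\n"
    b"Upgrade: WebSocket\r\n"
    b"Sec-WebSocket-Key1: 4 @1 46546xW%0l 1 5\r\n"
    b"Origin: http://example.com\r\n"
    b"\r\n"
    b"^n:ds[4U"
)
# Constructed variant: the same request with the body signaled explicitly.
WITH_LENGTH = HANDSHAKE.replace(b"\r\n\r\n", b"\r\nContent-Length: 8\r\n\r\n", 1)


def frame_request(raw: bytes):
    """Return (headers, body, unframed) as an HTTP/1.1 recipient would see them."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header section is not terminated by an empty line")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, colon, value = line.partition(b":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    if "transfer-encoding" in headers:
        raise NotImplementedError("chunked bodies are outside this example")
    if "content-length" not in headers:
        # No Content-Length or Transfer-Encoding: no body is signaled, so
        # whatever follows the empty line is not part of this request.
        return headers, b"", rest
    length = headers["content-length"]
    if not (length.isascii() and length.isdigit()):
        raise ValueError(f"invalid Content-Length: {length!r}")
    n = int(length)
    if len(rest) < n:
        raise ValueError("body shorter than Content-Length")
    return headers, rest[:n], rest[n:]


if __name__ == "__main__":
    for label, raw in (("as drafted", HANDSHAKE), ("with Content-Length", WITH_LENGTH)):
        _, body, unframed = frame_request(raw)
        print(f"{label}: body={body!r} unframed={unframed!r}")
```

For the request as drafted, the body is empty and the eight trailing bytes are left on the connection outside any message, which is where a strict intermediary and a WebSocket server would disagree about the request boundary.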