Make WebSocket point to Fetch #180
Comments
|
We should look into making WebSocket run over Fetch until the "upgrade" happens. That would ensure we don't keep running into this mess. |
|
Making WebSocket run over Fetch is a non-starter unless we fork the whole protocol back in. (It does seem that this might be needed at some point, e.g., presumably So I guess maybe for now we should continue to duplicate requirements. It seems @mikewest has already done so in https://w3c.github.io/webappsec/specs/upgrade/#websockets-integration. So maybe we should turn that into a monkey patch for HTML instead. |
|
So seeing https://www.w3.org/Bugs/Public/show_bug.cgi?id=28841 it seems @mikewest wants to make this work in a different fashion. To stop throwing early errors and instead make it a network error of sorts. That makes sense if we ever want to migrate the connection algorithm to Fetch. However, the IETF folks are not interested in updating the RFC. So either we keep various monkey patches around or perhaps merge these just before the step that establishes the connection. The latter seems better since e.g., HSTS is not otherwise covered. |
|
I filed errata against the Web Sockets RFC for MIX, which I am assured means that it'll totally get taken care of whenever they update the spec: http://www.rfc-editor.org/errata_search.php?rfc=6455&eid=4398. I doubt that's going to happen anytime soon. |
|
So when I asked about HSTS and things like cookies they didn't really seem to care much. |
|
We could also just take over the entire "establish a connection" algorithm since I think most browsers just use Fetch... |
annevk
changed the title
|
This can be fixed once whatwg/fetch#235 is fixed. |
This makes the following changes to the WebSocket API: * Moves Mixed Content, HSTS, and cookie handling to the network layer. * Makes sure that other things handled by the network layer now also apply to WebSocket, such as upgrading of insecure requests. * Removes the unused "extensions in use" concept. * Removes the "client-specified protocols" concept since that is entirely handled by the Web Socket Protocol specification (and still is with the Fetch alterations). * Inlines the parsing of URLs since it's a lot less involved now. Also uses the URL parser rather than the "parse a URL" construct since there's no base URL. Fixes #180.
This makes the following changes to the WebSocket API: * Moves Mixed Content, HSTS, and cookie handling to the network layer. * Makes sure that other things handled by the network layer now also apply to WebSocket, such as upgrading of insecure requests. * Removes the unused "extensions in use" concept. * Removes the "client-specified protocols" concept since that is entirely handled by the Web Socket Protocol specification (and still is with the Fetch alterations). * Inlines the parsing of URLs since it's a lot less involved now. Also uses the URL parser rather than the "parse a URL" construct since there's no base URL. Fixes #180, https://www.w3.org/Bugs/Public/show_bug.cgi?id=27869, and https://www.w3.org/Bugs/Public/show_bug.cgi?id=26967.
This makes the following changes to the WebSocket API: * Moves Mixed Content, HSTS, and cookie handling to the network layer. * Makes sure that other things handled by the network layer now also apply to WebSocket, such as upgrading of insecure requests. * Removes the unused "extensions in use" concept. * Removes the "client-specified protocols" concept since that is entirely handled by the Web Socket Protocol specification (and still is with the Fetch alterations). * Inlines the parsing of URLs since it's a lot less involved now. Also uses the URL parser rather than the "parse a URL" construct since there's no base URL. Fixes #180, https://www.w3.org/Bugs/Public/show_bug.cgi?id=27869, and https://www.w3.org/Bugs/Public/show_bug.cgi?id=26967.
This makes the following changes to the WebSocket API: * Moves Mixed Content, HSTS, and cookie handling to the network layer. * Makes sure that other things handled by the network layer now also apply to WebSocket, such as upgrading of insecure requests. * Removes the unused "extensions in use" concept. * Removes the "client-specified protocols" concept since that is entirely handled by the Web Socket Protocol specification (and still is with the Fetch alterations). * Inlines the parsing of URLs since it's a lot less involved now. Also uses the URL parser rather than the "parse a URL" construct since there's no base URL. Fixes #180, https://www.w3.org/Bugs/Public/show_bug.cgi?id=27869, and https://www.w3.org/Bugs/Public/show_bug.cgi?id=26967.
This makes the following changes to the WebSocket API: * Moves Mixed Content, HSTS, and cookie handling to the network layer. * Makes sure that other things handled by the network layer now also apply to WebSocket, such as upgrading of insecure requests. * Removes the unused "extensions in use" concept. * Removes the "client-specified protocols" concept since that is entirely handled by the Web Socket Protocol specification (and still is with the Fetch alterations). * Inlines the parsing of URLs since it's a lot less involved now. Also uses the URL parser rather than the "parse a URL" construct since there's no base URL. Fixes #180, https://www.w3.org/Bugs/Public/show_bug.cgi?id=27869, and https://www.w3.org/Bugs/Public/show_bug.cgi?id=26967.
This change adds annotations in the margin of the spec output next to any items for which there’s a corresponding MDN article somewhere under https://developer.mozilla.org/en-US/docs/Web that has a Specifications section with a link to that item's URL. The mechanism for inserting the annotations relies on data in a JSON file containing a mapping of spec ID-attribute values to MDN article pathnames. The change adds a copy of that file to the repo, along with a makefile for updating/regenerating the JSON file. Depends on whatwg/wattsi#89. Fixes whatwg#180.
It seems upgrade-insecure-requests applies to WebSocket too. We should probably start thinking about some shared infrastructure between Fetch and WebSocket.
Credit: Christoph Kerschbaumer.
The text was updated successfully, but these errors were encountered: