On Mon, 2020-12-07 at 12:46 +0100, Alberto Garcia wrote: > Do I understand correctly that this is due to bugs in libsoup then?
Yes. libsoup versions previous to 2.68 don't have a WebSocket implementation that had been thoroughly tested (or tested at all) with WebKit. If you have a WebKit version that uses libsoup's websockets, you MUST use 2.68 or newer. > If this was working in earlier versions of webkit I only see two > options: > > - Reverting the changes in WebKit (probably > https://trac.webkit.org/changeset/248099/webkit) > - Updating libsoup, or backporting the relevant fixes (if libsoup is > indeed buggy). I think in this case the easiest is to actually backport the libsoup bug fixes. It's also what makes more sense from a security perspective, as those are fixes to the websocket implementation in libsoup that is probably used by other applications as well. Reverting the WebKit changeset will not fix libsoup's bugs. Note that there is also new WebSockets API for extensions added to libsoup at that point, but I think most if not all of the bug fixes might be easily backported without introducing the new API. Also, note that there might be other patches in WebKit that relate to this as subsequent code fixes. I don't think reverting this in WK will be straightforward. Claudio