On Wed, 15 Jul 2009, Amos Jeffries wrote:
> > 
> > Could you elaborate on what bytes Squid thinks it should change in the 
> > WebSocket handshake?
> 
> Byte 5 through to the first of: two CRLF or one NULL byte. Specified as
> step 1 through 11 by the looks of it.
> 
> Correctly operating:
>  * MUST remove the "Upgrade: WebSocket\r\n" bytes.
> [...]

This would cause the WebSocket connection to fail, which is the correct 
behaviour. After all, if the connection isn't upgraded, we don't want 
anything further to happen (in particular we don't want the client sending 
arbitrary bytes to the server or proxy, since that would open up the proxy 
to being abused to download content from any arbitrary server including 
intranet servers or other domains on shared-hosting servers).

So loosening up the handshake wouldn't solve the problem described 
previously of Squid breaking an HTTP Upgrade to WebSocket in the case of a 
client behind a firewall that only allows port 80 and where all traffic 
through that port goes through a man-in-the-middle proxy.

What solution would you recommend for such a case?

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
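
The fail-closed behaviour described above, as an added example that is not part of the original message or of any WebSocket draft: a client-side check that treats the connection as upgraded only when the response still carries the upgrade headers, so a response whose "Upgrade: WebSocket" line was removed by an intermediary ends the connection before any further bytes are sent. The function names, the 101 status and "Connection: Upgrade" requirements, and the sample responses are assumptions constructed for illustration.

```python
class HandshakeFailed(Exception):
    """Raised when the response head cannot be parsed at all."""


def parse_response_head(raw: bytes):
    """Split a raw HTTP response head into (status_code, headers)."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise HandshakeFailed("incomplete response head")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise HandshakeFailed("malformed status line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            raise HandshakeFailed("malformed header line")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(parts[1]), headers


def connection_upgraded(raw: bytes) -> bool:
    """True only if the response confirms the upgrade; anything else fails closed."""
    try:
        status, headers = parse_response_head(raw)
    except HandshakeFailed:
        return False
    # Assumption: exactly one Upgrade header naming WebSocket (case-insensitive).
    upgrade = [v.lower() for v in headers.get(b"upgrade", [])]
    # Assumption: Connection must list the "upgrade" token.
    tokens = [t.strip().lower()
              for v in headers.get(b"connection", [])
              for t in v.split(b",")]
    return status == 101 and upgrade == [b"websocket"] and b"upgrade" in tokens


# Constructed sample responses (not captured traffic).
DIRECT = (b"HTTP/1.1 101 Switching Protocols\r\n"
          b"Upgrade: WebSocket\r\nConnection: Upgrade\r\n\r\n")
# Same response after an intermediary removed the hop-by-hop upgrade headers.
STRIPPED = b"HTTP/1.1 101 Switching Protocols\r\nVia: 1.1 proxy.example\r\n\r\n"
# A proxy or origin that answered as plain HTTP instead.
PLAIN_HTTP = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    for label, resp in (("direct", DIRECT), ("stripped", STRIPPED), ("plain", PLAIN_HTTP)):
        action = "continue" if connection_upgraded(resp) else "close connection"
        print(f"{label}: {action}")
```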
