Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

websocket negotiation of extension configuration parameters #3465

Closed
lachlan-roberts opened this issue Mar 14, 2019 · 0 comments
Closed

websocket negotiation of extension configuration parameters #3465

lachlan-roberts opened this issue Mar 14, 2019 · 0 comments

Comments

@lachlan-roberts
Copy link
Contributor

Selecting Extension Parameters

Currently we are overwriting the negotiated ExtenionConfigs with the value of the first offered
ExtensionConfig parameter of the same name extension name. RFC7692 says that the client can request multiple extensions of the same extension name with different configuration parameters to allow the server to choose which set of configuration parameters to use.
https://tools.ietf.org/html/rfc7692#section-5

https://github.com/eclipse/jetty.project/blob/67838609c3059134c3a3374f3de745f66a2ec6d4/jetty-websocket/websocket-core/src/main/java/org/eclipse/jetty/websocket/core/server/Negotiation.java#L234-L247

Here we will overwrite the negotiated extension parameters with the parameters of the first
offered extension. This will make choosing a set of configuration parameters for the extension
impossible.

Changing Extension Parameters

RFC7629 says that during the negotiation the server may drop or modify extension parameters. In general it looks like whether it is correct to do this is dependant on the specific extension.
https://tools.ietf.org/html/rfc7692#section-5

Server may drop parameters

The contents of the element don't
need to be exactly the same as those of the received extension
negotiation offers.  For example, suppose that a server received a
PMCE extension negotiation offer with an extension parameter "X"
indicating that the client can enable an optional feature named X.
The server may accept the PMCE offer with an element without the
extension parameter "X", meaning that the server chose not to enable
the feature X.  In this case, the offer contains the extension
parameter "X", but the "agreed parameters" don't contain the
extension parameter "X".

Server may change parameters:

The name of the acknowledging parameter
doesn't need to be exactly the same as the offer.  For example, two
parameters, "enable_strong_compression" and
"enable_weak_compression", may be defined as acknowledging parameters
for "enable_compression".
lachlan-roberts added a commit to lachlan-roberts/jetty.project that referenced this issue Mar 21, 2019
@lachlan-roberts
Issue jetty#3465 - Negotiation of WebSocket extensions
26e7881 
default behaviour of Negotiation no longer includes all of the
offered extensions as the negotiated extensions but it now takes
only the first extension if there are multiple of the same name,
this is now done when the negotiation is created and can be overwritten
by the negotiator

Throw exception on websocket errors so the proper status code can
be reported back to the client

fix to checking for multiple negotiated extensions of the same name

added tests for core and jetty websockets for the negotiation

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts added a commit to lachlan-roberts/jetty.project that referenced this issue Mar 21, 2019
@lachlan-roberts
Issue jetty#3465 - internal WebSocket extensions
945a1ce 
do not allow internal extensions to be offered by the client
do not validate internal extensions

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
@lachlan-roberts lachlan-roberts mentioned this issue Mar 21, 2019
Merged
lachlan-roberts added a commit to lachlan-roberts/jetty.project that referenced this issue Mar 21, 2019
@lachlan-roberts
Issue jetty#3465 - internal WebSocket extensions
eb4f7c0 
do not allow internal extensions to be offered by the client
do not validate internal extensions

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts added a commit to lachlan-roberts/jetty.project that referenced this issue Mar 26, 2019
@lachlan-roberts
Issue jetty#3465 - client/server error handling behavior for Extensio…
46ef94c 
…nStack

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
gregw added a commit that referenced this issue Mar 26, 2019
@gregw
Merge pull request #3478 from lachlan-roberts/jetty-10.0.x-3465-exten…
3d16eba 
…sion-negotiation

Issue #3465 - WebSocket Extension Negotiation
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lachlan-roberts