[webkit-reviews] review denied: [Bug 213143] Add artificial delay to WebSocket connections to mitigate port scanning attacks : [Attachment 401773] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jun 12 13:44:26 PDT 2020
Chris Dumez <cdumez at apple.com> has denied katherine_cheney at apple.com's request
for review:
Bug 213143: Add artificial delay to WebSocket connections to mitigate port
scanning attacks
https://bugs.webkit.org/show_bug.cgi?id=213143
Attachment 401773: Patch
https://bugs.webkit.org/attachment.cgi?id=401773&action=review
--- Comment #3 from Chris Dumez <cdumez at apple.com> ---
Comment on attachment 401773
--> https://bugs.webkit.org/attachment.cgi?id=401773
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=401773&action=review
> Source/WebCore/Modules/websockets/WebSocket.cpp:613
> dispatchOrQueueErrorEvent();
You're still firing the JS event right away here so I don't think you are
achieving anything. Also, you are violating the HTML specification now which
says to *first* set readyState to CLOSED and *then* fire the error event:
https://html.spec.whatwg.org/multipage/web-sockets.html#feedback-from-the-proto
col:concept-websocket-closed
More information about the webkit-reviews
mailing list