[Webkit-unassigned] [Bug 202095] New: websockets handshaking broken for responses that omit status text / reason

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Sep 22 20:11:22 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=202095

            Bug ID: 202095
           Summary: websockets handshaking broken for responses that omit
                    status text / reason
           Product: WebKit
           Version: Safari 12
          Hardware: Macintosh
                OS: macOS 10.14
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: joey at kidfixit.com

Created attachment 379352

  --> https://bugs.webkit.org/attachment.cgi?id=379352&action=review

unparsed status line passed to WebSocketChannel::fail(reason)

WebSocket servers that respond with truncated "h2 style" status lines like 'HTTP/1.1 101\r\n' are rejected by Safari:

$ curl -si 'https://web.voice.telephony.goog/websocket' -H 'Host: web.voice.telephony.goog' -H 'Upgrade: websocket' -H 'Connection: Upgrade' -H "Sec-WebSocket-Key: $(openssl rand -base64 16)" -H 'Origin: https://voice.google.com' -H 'Sec-WebSocket-Protocol: sip' -H 'Sec-WebSocket-Version: 13' | head -n1 | hexdump -c
0000000   H   T   T   P   /   1   .   1       1   0   1  \r  \n
000000e

I've cross reported this to the Google Voice forum:
https://support.google.com/voice/thread/14998073?msgid=14998073

That endpoint is for a product that specifically detects-and-degrades on Safari, but maybe that is not such an unusual kind of response line.

Chromium and Firefox use their canonical browsing parsers to validate the handshake's response, and theirs do not
seem to require a status text:
https://chromium.googlesource.com/chromium/chromium/+/fe2e997ac2990d3d5b9c8abe653776830aaf8c28/net/http/http_response_headers.cc#728
https://searchfox.org/mozilla-central/source/netwerk/protocol/http/nsHttpResponseHead.cpp#506

whereas webkit requires the status-code sent between two spaces:
https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/Modules/websockets/WebSocketHandshake.cpp?rev=249013#L453
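
The parsing difference this report describes, as an added example (not code from WebKit, Chromium, Firefox or the reporter): one status-line check that requires a space after the status code and one that also lets the code end the line. The function names and sample lines are hypothetical; note that the RFC 7230 status-line grammar keeps the space after the status code even when the reason phrase is empty, so 'HTTP/1.1 101\r\n' is outside that grammar while 'HTTP/1.1 101 \r\n' is inside it.

```cpp
#include <cstdio>
#include <string>

// Parse exactly three ASCII digits; -1 means "not a status code".
static int parseCode(const std::string& s) {
    if (s.size() != 3) return -1;
    int code = 0;
    for (char c : s) {
        if (c < '0' || c > '9') return -1;
        code = code * 10 + (c - '0');
    }
    return code;
}

// Returns the status code, or -1 when the line is rejected.
// requireSpaceAfterCode = true models "status code between two spaces";
// false lets the code be terminated by the end of the line as well.
int parseStatusLine(std::string line, bool requireSpaceAfterCode) {
    while (!line.empty() && (line.back() == '\r' || line.back() == '\n'))
        line.pop_back();
    if (line.compare(0, 5, "HTTP/") != 0) return -1;
    std::string::size_type sp1 = line.find(' ');
    if (sp1 == std::string::npos) return -1;
    std::string::size_type sp2 = line.find(' ', sp1 + 1);
    if (sp2 == std::string::npos) {
        if (requireSpaceAfterCode) return -1;  // 'HTTP/1.1 101' stops here
        sp2 = line.size();
    }
    return parseCode(line.substr(sp1 + 1, sp2 - sp1 - 1));
}

// A WebSocket opening handshake succeeds only on status 101.
bool handshakeAccepted(const std::string& line, bool strict) {
    return parseStatusLine(line, strict) == 101;
}

int main() {
    const char* samples[] = {  // constructed status lines
        "HTTP/1.1 101\r\n", "HTTP/1.1 101 \r\n",
        "HTTP/1.1 101 Switching Protocols\r\n", "HTTP/1.1 1010\r\n"};
    for (const char* s : samples)
        std::printf("strict=%d lenient=%d\n",
                    handshakeAccepted(s, true), handshakeAccepted(s, false));
    return 0;
}
```

Both modes still reject a code that is not exactly three digits, so accepting the truncated line does not loosen the check on the code itself.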
