Comments (7)
shenfeng
commented on May 12, 2024
Hi, currently, with-channel does not allow send the handshake aromatically, and does not allow customization.
If you want to, you can look at the implementation detail:
https://github.com/http-kit/http-kit/blob/master/src/org/httpkit/server.clj#L88
Here is an example
(defn handler [request]
(let [^AsyncChannel channl (:async-channel request)]
(if (:websocket? ~request)
(if-let [key# (get-in ~request [:headers "sec-websocket-key"])]
(do (.sendHandshake channl
{"Upgrade" "websocket"
"Connection" "Upgrade"
"X-Your-other-header" "value"
"Sec-WebSocket-Accept" (accept key#)})
;; DO what is required, like save the channel
;; return the channel is required
channl
)))))What do you think?
If there is a way to allow customize the handeshake, and does not complicate the API, I will be more than glad to add it.
from http-kit.
cgmartin
commented on May 12, 2024
Thanks for the overview!
My first thoughts were around making a custom with-channel macro in my application and merging a custom header map during .sendHandshake, ie:
(defmacro with-channel-and-headers [request ch-name handshake-headers & body]
;;...
(do (.sendHandshake channl
(merge handshake-headers
{"Upgrade" "websocket"
"Connection" "Upgrade"
"X-Your-other-header" "value"
"Sec-WebSocket-Accept" (accept key#)}))
;;...But now that I'm reading the WebSocket rfc6455 spec, there may be some deeper logic required during .sendHandshake:
If the response includes a |Sec-WebSocket-Protocol| header field
and this header field indicates the use of a subprotocol that was
not present in the client's handshake (the server has indicated a
subprotocol not requested by the client), the client MUST _Fail
the WebSocket Connection_.
This implies some comparison is done with the client's request Sec-WebSocket-Protocol header?
I'll do some more research into this protocol handshaking and look through the Java .sendHandshake code to orient myself. Thanks again!
from http-kit.
cgmartin
commented on May 12, 2024
I have a pretty good idea now how to do this with a custom with-channel macro. I'll get it working in my app first and then share it here. Going to close this one since I don't have any other questions. Thanks again for the pointers.
from http-kit.
cgmartin
commented on May 12, 2024
In case it's of any interest, here is what I did to validate the websocket subprotocol (and origin header) during the handshake:
https://gist.github.com/cgmartin/5880732
The current with-channel is great for most cases I think (and flexible to support the long-polling fallback). I'm not sure if you'd like this one in http-kit proper, but you're more than welcome to use it.
Cheers!
from http-kit.
shenfeng
commented on May 12, 2024
I add it to the documentation: http://http-kit.org/server.html#handshake
from http-kit.
brandonbloom
commented on May 12, 2024
I came across another use-case for customizing the handshake: Sending a "Set-Cookie" header. Would be nice to have some way to customize the handshake headers.
from http-kit.
theronic
commented on May 12, 2024
Would the Websocket handshake be an appropriate place to authenticate websocket connections, where the handshake looks for some headers or data in the Upgrade request? On client websocket connection, server would issue a session token based on initial data or headers, which would have to be verifiable going forward.
from http-kit.
Related Issues (20)
- Race condition in TimerService.scheduleTask HOT 2
- Ring websocket API support HOT 4
- Problem in native-image and HttpUtils when using virtual threads HOT 11
- 2.8.0-beta2 has CIDER dependencies HOT 3
- CURL and finagle failing to parse :set-cookies with '\n' HOT 13
- Unix socket benchmark HOT 1
- It will turn headers into camel format HOT 2
- logger-warn gets rebound HOT 1
- logger-warn and error-warn are passed in wrong order to HttpServer constructor HOT 1
- Requests which throw java.net.ConnectException may actually succeed HOT 3
- Request Map doesn't contain information about authority HOT 8
- http-kit v2.8.0-RC1 HOT 1
- http-kit v2.8.0 final HOT 1
- Consider adding `Content-Type: text/plain` to HTTP 500 response in `org.httpkit.server.HttpHandler#run` HOT 6
- v2.7.0 SNI change broke connections to plain IP addresses with SSLHandshakeException "Hostname or IP address is undefined." HOT 8
- Add options for encoding nested form and query params a la clj-http HOT 7
- WebTransport support HOT 2
- NoSuchMethodError on projects AOT'd on java 21 but run on earlier java versions HOT 13
- [Proposal][Client] Consider more idiomatic bridges with JVM async paradigms HOT 5
- "Unmasked client to server frame" causes 502s HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from http-kit.