freenode :: #whatwg

27 Mar 2017
10:03noxWhere in the Fetch spec does it say to set the Origin header for WebSocket requests?
10:19MikeSmithnox: where it mentions ws: and wss: protocol?
10:19MikeSmithI thought it does there
10:19* MikeSmith loosk
10:19noxMikeSmith: I don't see that.
10:20noxMikeSmith: All I see is "If the CORS flag is set or httpRequests method is neither `GET` nor `HEAD`, then append `Origin`/httpRequests origin, serialized and UTF-8 encoded, to httpRequests header list."
10:20noxStep 11 of http-network-or-cache-fetch,
10:20noxbut AFAIK with a WebSocket request the CORS flag is unset.
10:21MikeSmithhmm then maybe in the HTML spec, where it calls the fetch algorithm for WebSocket requests
10:21noxMikeSmith: Doesn't seem like it.
10:22MikeSmithI see that just references
10:25noxMikeSmith: Seems like the step I mentioned should have an additional condition,
10:25noxMikeSmith: 'or request's mode is "websocket"'
10:30MikeSmithhmm yeah
10:36noxMikeSmith: When going through establish a ws connection,
10:36noxMikeSmith: can the response returned by basic fetch ever be a filtered response?
10:36noxIn step 14 of, that is.
10:37* MikeSmith loosk
10:41MikeSmithnox: if the response tainting is the default basic it can, right?
10:41noxMikeSmith: Maybe?
10:41botiei heard Maybe was botie taking notes of who are going to TPAC
10:41MikeSmithrequests mode is "navigate" or "websocket"
10:41MikeSmith Set requests response tainting to "basic".
10:42annevknox: if even same-origin WebSocket includes it I agree that we need a change there
10:42noxMikeSmith: Yeah but I'm not sure it matters in the particular case of websocket.
10:42MikeSmithSet response to the following filtered response with response as its internal response, depending on requests response tainting:
10:42annevknox: I guess the WebSocket handshake request uses GET?
10:42MikeSmith basic filtered response
10:42noxannevk: It does.
10:42MikeSmithyeah it does
10:43annevknox: I think you're right then that we need to include mode is websocket
10:43MikeSmithit does use GET because it defaults to that, right?
10:44noxMikeSmith: Oh I see the step you pasted,
10:44noxMikeSmith: but the previous step to the one which you pasted is "If response is not a network error and response is not a filtered response, then run these substeps:",
10:45noxMikeSmith: can HTTP fetch itself return a filtered response for ws?
10:45MikeSmithnox: it cannot there as far as I can see
10:48noxMikeSmith: Thanks!
10:50MikeSmiththe more I read the Fetch spec the more I think theres no way to understand it without implementing it
10:50MikeSmithwhich Im not doing
10:51MikeSmithbut which I guess you are
10:52noxMikeSmith: It's worse than that.
10:52noxMikeSmith: Our Fetch impl currently doesn't allow us to use these algos from the websocket case,
10:52noxMikeSmith: and the three existing Rust impls of websocket don't play well with that spec in general,
10:53noxso I'm reimplementing these algos special-cased for ws, and doing ws handshake myself from Servo's code directly.
10:53noxThe unfiltered internal response does not matter in the ws case, right?
10:54noxActually, does filtering these responses matter at all?
10:54noxThe response is never exposed to the Web for websockets, right?
10:55MikeSmithI guess not unless some other spec says it is?
10:55noxMikeSmith: You devil.
10:55MikeSmithwhich if so should only be the HTML spec Id think
10:57MikeSmiththe Fetch spec should be used on people as a test of how must perseverance they have
11:36noxMikeSmith, annevk:
11:49noxannevk: Amended.
11:49annevknox: do you know if we have tests?
11:50noxannevk: Absolutely no idea, but the Origin header seems core to WS to me, so it wouldn't surprise me if we do.
27 Mar 2017
Last message: 54 minutes and 44 seconds ago