[Bug 66548] Tomcat does not validate value of Sec-Websocket-Key header

2024-06-26 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66548
--- Comment #11 from Sara Adam ---
(In reply to Christopher Schultz from comment #1)
> Seems reasonable.
> https://suikagame.io
> Care to provide a patch/PR?
Everything looks reasonable, but there are still some internal problems that need

[Bug 66548] Tomcat does not validate value of Sec-Websocket-Key header

2023-05-24 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66548
Mark Thomas changed:
What | Removed | Added
Status | NEW | RESOLVED
Resolution | --- |

[Bug 66548] Tomcat does not validate value of Sec-Websocket-Key header

2023-05-24 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66548
Mark Thomas changed:
What | Removed | Added
Status | NEEDINFO | NEW
--- Comment #9 from Mark Thomas ---

[Bug 66548] Tomcat does not validate value of Sec-Websocket-Key header

2023-04-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66548
Mark Thomas changed:
What | Removed | Added
Status | NEW | NEEDINFO
--- Comment #8 from Mark Thomas

[Bug 66548] Tomcat does not validate value of Sec-Websocket-Key header

2023-04-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66548
--- Comment #7 from Mark Thomas ---
Fixed in:
- 11.0.x for 11.0.0-M5 onwards
- 10.1.x for 10.1.8 onwards
As per schultz's suggestion, I am going to wait at least one release cycle before back-porting this to 9.0.x and 8.5.x in case there are c

[Bug 66548] Tomcat does not validate value of Sec-Websocket-Key header

2023-03-31 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66548
--- Comment #6 from Christopher Schultz ---
(In reply to Remy Maucherat from comment #4)
> This could break things if we find out that clients have been using
> random values there instead of faithfully implementing the specification.

[Bug 66548] Tomcat does not validate value of Sec-Websocket-Key header

2023-03-31 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66548
--- Comment #5 from Mark Thomas ---
Yes, but. Historically, we have been generally unsympathetic to clients that don't follow the relevant specs. Given there doesn't seem to be any advantage for the server here (the feature benefits clients)

[Bug 66548] Tomcat does not validate value of Sec-Websocket-Key header

2023-03-31 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66548
--- Comment #4 from Remy Maucherat ---
This could break things if we find out that clients have been using random values there instead of faithfully implementing the specification.
-- You are receiving this mail because: You are the a

[Bug 66548] Tomcat does not validate value of Sec-Websocket-Key header

2023-03-30 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66548
--- Comment #3 from Mark Thomas ---
Sorry, comment was posted while incomplete. Continuing... The changes required for c) are such that it would be simpler just to do the decode. I'd lean towards the a) + b) approach but have no objection to

[Bug 66548] Tomcat does not validate value of Sec-Websocket-Key header

2023-03-30 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66548
--- Comment #2 from Mark Thomas ---
Throwing an exception isn't appropriate here. Just returning SC_BAD_REQUEST is sufficient. I'll note that RFC 6455 also states: "It is not necessary for the server to base64-decode the |Sec-WebSocket-Key| v

[Bug 66548] Tomcat does not validate value of Sec-Websocket-Key header

2023-03-30 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66548
--- Comment #1 from Christopher Schultz ---
Seems reasonable. Care to provide a patch/PR?