Bug 1269632
| Summary: | Websocket proxy reply is returning non-conformant sec-websocket-protocol header | ||
|---|---|---|---|
| Product: | OpenShift Online | Reporter: | João Victor Duarte Martins <jvdm> |
| Component: | Routing | Assignee: | Miciah Dashiel Butler Masters <mmasters> |
| Status: | CLOSED WONTFIX | QA Contact: | zhaozhanqi <zzhao> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 2.x | CC: | abhgupta, aos-bugs, dmcphers, kseifried |
| Target Milestone: | --- | Keywords: | UpcomingRelease |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-05-31 18:22:11 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I tried but the openshift app/dns leaked: router-eldiot.rhcloud.com :-) No concerns on PS's part. Thanks for letting me know though. We apologize, however, we do not plan to address this report at this time. The majority of our active development is for the v3 version of OpenShift. If you would like for Red Hat to reconsider this decision, please reach out to your support representative. We are very sorry for any inconvenience this may cause. |
Description of problem: During websocket handshake Opnshift's websocket proxy running at :8000 is always giving out a list of subprotocols selected by the client in `sec-websocket-protocol`, instead of passing the header value given by the original websocket server endpoint. This is non-conformant behavior according to RFC6455: /subprotocol/ Either a single value representing the subprotocol the server is ready to use or null. The value chosen MUST be derived from the client's handshake, specifically by selecting one of the values from the |Sec-WebSocket-Protocol| field that the server is willing to use for this connection (if any). Version-Release number of selected component (if applicable): N/A How reproducible: Always. Steps to Reproduce: I'm running a `crossbar.io` router (which uses WAMP-over-websocket): On an OpenShift `rhc ssh` session (hostnames and dns omitted): [<app-name>-<dns-name>.rhcloud.com <user-id>]\> telnet $OPENSHIFT_DIY_IP $OPENSHIFT_DIY_PORT Trying 127.7.221.129... Connected to 127.7.221.129. Escape character is '^]'. GET /ws HTTP/1.1 Host: <app-name>-<dns-name>.rhcloud.com:8000 Upgrade: websocket Connection: Upgrade Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== Sec-WebSocket-Protocol: wamp.2.json.batched,wamp.2.json Sec-WebSocket-Version: 13 HTTP/1.1 101 Switching Protocols Server: Crossbar/0.11.1 X-Powered-By: AutobahnPython/0.10.9 Upgrade: WebSocket Connection: Upgrade Sec-WebSocket-Protocol: wamp.2.json.batched Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo= ^CConnection closed by foreign host. [router-eldiot.rhcloud.com <user-id>]\> On a local session outside OpenShift: $ nc <app-name>-<dns-name>.rhcloud.com 8000 GET /ws HTTP/1.1 Host: <app-name>-<dns-name>.rhcloud.com:8000 Upgrade: websocket Connection: Upgrade Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== Sec-WebSocket-Protocol: wamp.2.json.batched,wamp.2.json Sec-WebSocket-Version: 13 HTTP/1.1 101 Switching Protocols Upgrade: websocket Connection: Upgrade Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo= Sec-WebSocket-Protocol: wamp.2.json.batched,wamp.2.json $ Actual results: Sec-WebSocket-Protocol: wamp.2.json.batched,wamp.2.json Expected results: Sec-WebSocket-Protocol: wamp.2.json.batched Additional info: None