Bug 1269632 - Websocket proxy reply is returning non-conformant sec-websocket-protocol header
Summary: Websocket proxy reply is returning non-conformant sec-websocket-protocol header
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: OpenShift Online
Classification: Red Hat
Component: Routing
Version: 2.x
Hardware: All
OS: All
unspecified
medium
Target Milestone: ---
: ---
Assignee: Miciah Dashiel Butler Masters
QA Contact: zhaozhanqi
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-10-07 19:25 UTC by João Victor Duarte Martins
Modified: 2017-05-31 18:22 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-05-31 18:22:11 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description João Victor Duarte Martins 2015-10-07 19:25:21 UTC
Description of problem:

During websocket handshake Opnshift's websocket proxy running at :8000 is
always giving out a list of subprotocols selected by the client in
`sec-websocket-protocol`, instead of passing the header value given by the
original websocket server endpoint.

This is non-conformant behavior according to RFC6455:

    /subprotocol/
        Either a single value representing the subprotocol the server
        is ready to use or null.  The value chosen MUST be derived
        from the client's handshake, specifically by selecting one of
        the values from the |Sec-WebSocket-Protocol| field that the
        server is willing to use for this connection (if any).

Version-Release number of selected component (if applicable):

N/A

How reproducible:

Always.

Steps to Reproduce:

I'm running a `crossbar.io` router (which uses WAMP-over-websocket):

On an OpenShift `rhc ssh` session (hostnames and dns omitted):

    [<app-name>-<dns-name>.rhcloud.com <user-id>]\> telnet $OPENSHIFT_DIY_IP $OPENSHIFT_DIY_PORT
    Trying 127.7.221.129...
    Connected to 127.7.221.129.
    Escape character is '^]'.
    GET /ws HTTP/1.1
    Host: <app-name>-<dns-name>.rhcloud.com:8000
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
    Sec-WebSocket-Protocol: wamp.2.json.batched,wamp.2.json
    Sec-WebSocket-Version: 13

    HTTP/1.1 101 Switching Protocols
    Server: Crossbar/0.11.1
    X-Powered-By: AutobahnPython/0.10.9
    Upgrade: WebSocket
    Connection: Upgrade
    Sec-WebSocket-Protocol: wamp.2.json.batched
    Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=

    ^CConnection closed by foreign host.
    [router-eldiot.rhcloud.com <user-id>]\>

On a local session outside OpenShift:

    $ nc <app-name>-<dns-name>.rhcloud.com 8000
    GET /ws HTTP/1.1
    Host: <app-name>-<dns-name>.rhcloud.com:8000
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
    Sec-WebSocket-Protocol: wamp.2.json.batched,wamp.2.json
    Sec-WebSocket-Version: 13

    HTTP/1.1 101 Switching Protocols
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
    Sec-WebSocket-Protocol: wamp.2.json.batched,wamp.2.json
    $

Actual results:

    Sec-WebSocket-Protocol: wamp.2.json.batched,wamp.2.json

Expected results:

    Sec-WebSocket-Protocol: wamp.2.json.batched

Additional info:

    None

Comment 1 João Victor Duarte Martins 2015-10-07 19:28:07 UTC
I tried but the openshift app/dns leaked: router-eldiot.rhcloud.com :-)

Comment 3 Kurt Seifried 2015-10-20 17:07:40 UTC
No concerns on PS's part. Thanks for letting me know though.

Comment 4 Eric Paris 2017-05-31 18:22:11 UTC
We apologize, however, we do not plan to address this report at this time. The majority of our active development is for the v3 version of OpenShift. If you would like for Red Hat to reconsider this decision, please reach out to your support representative. We are very sorry for any inconvenience this may cause.


Note You need to log in before you can comment on or make changes to this bug.