Bug 1269632 - Websocket proxy reply is returning non-conformant sec-websocket-protocol header
Websocket proxy reply is returning non-conformant sec-websocket-protocol header
Status: CLOSED WONTFIX
Product: OpenShift Online
Classification: Red Hat
Component: Routing (Show other bugs)
2.x
All All
unspecified Severity medium
: ---
: ---
Assigned To: Miciah Dashiel Butler Masters
zhaozhanqi
: UpcomingRelease
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-07 15:25 EDT by João Victor Duarte Martins
Modified: 2017-05-31 14:22 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-05-31 14:22:11 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description João Victor Duarte Martins 2015-10-07 15:25:21 EDT
Description of problem:

During websocket handshake Opnshift's websocket proxy running at :8000 is
always giving out a list of subprotocols selected by the client in
`sec-websocket-protocol`, instead of passing the header value given by the
original websocket server endpoint.

This is non-conformant behavior according to RFC6455:

    /subprotocol/
        Either a single value representing the subprotocol the server
        is ready to use or null.  The value chosen MUST be derived
        from the client's handshake, specifically by selecting one of
        the values from the |Sec-WebSocket-Protocol| field that the
        server is willing to use for this connection (if any).

Version-Release number of selected component (if applicable):

N/A

How reproducible:

Always.

Steps to Reproduce:

I'm running a `crossbar.io` router (which uses WAMP-over-websocket):

On an OpenShift `rhc ssh` session (hostnames and dns omitted):

    [<app-name>-<dns-name>.rhcloud.com <user-id>]\> telnet $OPENSHIFT_DIY_IP $OPENSHIFT_DIY_PORT
    Trying 127.7.221.129...
    Connected to 127.7.221.129.
    Escape character is '^]'.
    GET /ws HTTP/1.1
    Host: <app-name>-<dns-name>.rhcloud.com:8000
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
    Sec-WebSocket-Protocol: wamp.2.json.batched,wamp.2.json
    Sec-WebSocket-Version: 13

    HTTP/1.1 101 Switching Protocols
    Server: Crossbar/0.11.1
    X-Powered-By: AutobahnPython/0.10.9
    Upgrade: WebSocket
    Connection: Upgrade
    Sec-WebSocket-Protocol: wamp.2.json.batched
    Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=

    ^CConnection closed by foreign host.
    [router-eldiot.rhcloud.com <user-id>]\>

On a local session outside OpenShift:

    $ nc <app-name>-<dns-name>.rhcloud.com 8000
    GET /ws HTTP/1.1
    Host: <app-name>-<dns-name>.rhcloud.com:8000
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
    Sec-WebSocket-Protocol: wamp.2.json.batched,wamp.2.json
    Sec-WebSocket-Version: 13

    HTTP/1.1 101 Switching Protocols
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
    Sec-WebSocket-Protocol: wamp.2.json.batched,wamp.2.json
    $

Actual results:

    Sec-WebSocket-Protocol: wamp.2.json.batched,wamp.2.json

Expected results:

    Sec-WebSocket-Protocol: wamp.2.json.batched

Additional info:

    None
Comment 1 João Victor Duarte Martins 2015-10-07 15:28:07 EDT
I tried but the openshift app/dns leaked: router-eldiot.rhcloud.com :-)
Comment 3 Kurt Seifried 2015-10-20 13:07:40 EDT
No concerns on PS's part. Thanks for letting me know though.
Comment 4 Eric Paris 2017-05-31 14:22:11 EDT
We apologize, however, we do not plan to address this report at this time. The majority of our active development is for the v3 version of OpenShift. If you would like for Red Hat to reconsider this decision, please reach out to your support representative. We are very sorry for any inconvenience this may cause.

Note You need to log in before you can comment on or make changes to this bug.