[html5] r4286 - [giow] (0) Drop authentication support from WebSocket for now. To be revisted in v2.
whatwg at whatwg.org
whatwg at whatwg.org
Thu Oct 22 21:09:28 PDT 2009
Author: ianh
Date: 2009-10-22 21:09:25 -0700 (Thu, 22 Oct 2009)
New Revision: 4286
Modified:
complete.html
source
Log:
[giow] (0) Drop authentication support from WebSocket for now. To be revisted in v2.
Modified: complete.html
===================================================================
--- complete.html 2009-10-23 03:48:11 UTC (rev 4285)
+++ complete.html 2009-10-23 04:09:25 UTC (rev 4286)
@@ -66778,11 +66778,12 @@
<li>
- <p>If the client has any authentication information or cookies
- that would be relevant to a resource accessed over HTTP, if <var title="">secure</var> is false, or HTTPS, if it is true, on host
- <var title="">host</var>, port <var title="">port</var>, with <var title="">resource name</var> as the path (and possibly query
- parameters), then HTTP headers that would be appropriate for that
- information should be sent at this point.
+ <p>If the client has any <!--(v2-ws-auth) authentication
+ information or--> cookies that would be relevant to a resource
+ accessed over HTTP, if <var title="">secure</var> is false, or
+ HTTPS, if it is true, on host <var title="">host</var>, port <var title="">port</var>, with <var title="">resource name</var> as the
+ path (and possibly query parameters), then HTTP headers that would
+ be appropriate for that information should be sent at this point.
<a href=#refsHTTP>[HTTP]</a>
<a href=#refsCOOKIES>[COOKIES]</a>
@@ -66793,16 +66794,19 @@
be split into multiple lines (despite HTTP otherwise allowing this
with continuation lines).</p>
- <div class=example>
+<!--(v2-ws-auth)
+ <div class="example">
<p>For example, if the server had a username and password that
applied to <code title="">http://example.com/socket</code>, and
- the Web Socket was being opened to <code title="">ws://example.com/socket</code>, it could send
+ the Web Socket was being opened to <code
+ title="">ws://example.com/socket</code>, it could send
them:</p>
<pre>Authorization: Basic d2FsbGU6ZXZl</pre>
</div>
+-->
</li>
@@ -66853,19 +66857,25 @@
be established.</p> <!-- we might update this as HTTP is updated,
depending on whether it remains compatible or whatnot -->
+<!--(v2-ws-auth)
<p>Otherwise, let <var title="">code</var> be the substring of
<var title="">header</var> that starts from the byte after the
first 0x20 byte, and ends with the byte before the second 0x20
- byte. If there are not at least two 0x20 bytes in <var title="">header</var>, then <a href=#fail-the-web-socket-connection>fail the Web Socket
- connection</a> and abort these steps.</p>
-<!--
+ byte. If there are not at least two 0x20 bytes in <var
+ title="">header</var>, then <span>fail the Web Socket
+ connection</span> and abort these steps.</p>
+-->
+<!--(v2-redirect)
<p>If <var title="">code</var>, interpreted as ASCII, is either
"<code title="">301</code>", "<code title="">302</code>", "<code
title="">303</code>", "<code title="">307</code>", then let <var
title="">mode</var> be <i title="">redirect</i>.
-->
- <p>If <var title="">code</var>, interpreted as ASCII, is "<code title="">401</code>", then let <var title="">mode</var> be <i title="">authenticate</i>.
-
+<!--(v2-ws-auth)
+ <p>If <var title="">code</var>, interpreted as ASCII, is "<code
+ title="">401</code>", then let <var title="">mode</var> be <i
+ title="">authenticate</i>.
+-->
<p>Otherwise, <a href=#fail-the-web-socket-connection>fail the Web Socket connection</a> and
abort these steps.</p>
@@ -66893,8 +66903,10 @@
connection</a> if the server does not respond with the above
bytes within a suitable time period.</p>
- <p class=note>This step is skipped if <var title="">mode</var>
- is <!--<i title="">redirect</i> or--> <i title="">authenticate</i>.</p>
+<!--(v2-ws-auth) (v2-redirect)
+ <p class="note">This step is skipped if <var title="">mode</var>
+ is <i title="">redirect</i> or <i title="">authenticate</i>.</p>
+-->
</li>
@@ -67111,7 +67123,7 @@
<dd>Ignore it.</dd>
- </dl><hr><!--
+ </dl><hr><!--(v2-redirect)
redirect support
we should probably reintroduce this at some point, with the
multi-origin semantics described in [ORIGIN] applying. (http-origin)
@@ -67167,30 +67179,37 @@
<dd>Ignore it.</dd>
</dl>
+--><!--(v2-ws-auth)
+ <hr>
- <hr>
---><p>If <var title="">mode</var> is <i title="">authenticate</i>,
- then: If there is not exactly one entry in the <var title="">headers</var> list whose name is "<code title="">www-authenticate</code>", then <a href=#fail-the-web-socket-connection>fail the Web Socket
- connection</a> and abort these steps. Otherwise, handle each
+ <p>If <var title="">mode</var> is <i title="">authenticate</i>,
+ then: If there is not exactly one entry in the <var
+ title="">headers</var> list whose name is "<code
+ title="">www-authenticate</code>", then <span>fail the Web Socket
+ connection</span> and abort these steps. Otherwise, handle each
entry in the <var title="">headers</var> list as follows:</p>
- <dl class=switch><dt>If the entry's name is "<code title="">www-authenticate</code>"</dt>
+ <dl class="switch">
+ <dt>If the entry's name is "<code
+ title="">www-authenticate</code>"</dt>
+
<dd><p>Obtain credentials in a manner consistent with the
requirements for handling the <code>WWW-Authenticate</code>
header in HTTP, and then close the connection (if the server has
not already done so) and jump back to the step labeled
<i>connect</i>, including the relevant authentication headers in
the new request.
- <a href=#refsHTTP>[HTTP]</a>
+ <a href="#refsHTTP">[HTTP]</a>
+--><!--
+ </p></dd>
- </dd>
-
<dt>Any other name</dt>
<dd>Ignore it.</dd>
- </dl></li>
+ </dl>
+--></li>
<li>
@@ -67458,8 +67477,8 @@
<dd>
- <p>Other fields can be used, such as "<code title="">Cookie</code>" or "<code>Authorization</code>", for
- authentication purposes.</p>
+ <p>Other fields can be used, such as "<code title="">Cookie</code>"<!--(v2-ws-auth) or
+ "<code>Authorization</code>"-->, for authentication purposes.</p>
</dd>
Modified: source
===================================================================
--- source 2009-10-23 03:48:11 UTC (rev 4285)
+++ source 2009-10-23 04:09:25 UTC (rev 4286)
@@ -75057,13 +75057,13 @@
<li>
- <p>If the client has any authentication information or cookies
- that would be relevant to a resource accessed over HTTP, if <var
- title="">secure</var> is false, or HTTPS, if it is true, on host
- <var title="">host</var>, port <var title="">port</var>, with <var
- title="">resource name</var> as the path (and possibly query
- parameters), then HTTP headers that would be appropriate for that
- information should be sent at this point.
+ <p>If the client has any <!--(v2-ws-auth) authentication
+ information or--> cookies that would be relevant to a resource
+ accessed over HTTP, if <var title="">secure</var> is false, or
+ HTTPS, if it is true, on host <var title="">host</var>, port <var
+ title="">port</var>, with <var title="">resource name</var> as the
+ path (and possibly query parameters), then HTTP headers that would
+ be appropriate for that information should be sent at this point.
<!--END complete-->
<a href="#refsRFC2616">[RFC2616]</a>
<a href="#refsRFC2109">[RFC2109]</a>
@@ -75079,6 +75079,7 @@
be split into multiple lines (despite HTTP otherwise allowing this
with continuation lines).</p>
+<!--(v2-ws-auth)
<div class="example">
<p>For example, if the server had a username and password that
@@ -75090,6 +75091,7 @@
<pre>Authorization: Basic d2FsbGU6ZXZl</pre>
</div>
+-->
</li>
@@ -75141,22 +75143,25 @@
be established.</p> <!-- we might update this as HTTP is updated,
depending on whether it remains compatible or whatnot -->
+<!--(v2-ws-auth)
<p>Otherwise, let <var title="">code</var> be the substring of
<var title="">header</var> that starts from the byte after the
first 0x20 byte, and ends with the byte before the second 0x20
byte. If there are not at least two 0x20 bytes in <var
title="">header</var>, then <span>fail the Web Socket
connection</span> and abort these steps.</p>
-<!--
+-->
+<!--(v2-redirect)
<p>If <var title="">code</var>, interpreted as ASCII, is either
"<code title="">301</code>", "<code title="">302</code>", "<code
title="">303</code>", "<code title="">307</code>", then let <var
title="">mode</var> be <i title="">redirect</i>.
-->
+<!--(v2-ws-auth)
<p>If <var title="">code</var>, interpreted as ASCII, is "<code
title="">401</code>", then let <var title="">mode</var> be <i
title="">authenticate</i>.
-
+-->
<p>Otherwise, <span>fail the Web Socket connection</span> and
abort these steps.</p>
@@ -75184,8 +75189,10 @@
connection</span> if the server does not respond with the above
bytes within a suitable time period.</p>
+<!--(v2-ws-auth) (v2-redirect)
<p class="note">This step is skipped if <var title="">mode</var>
- is <!--<i title="">redirect</i> or--> <i title="">authenticate</i>.</p>
+ is <i title="">redirect</i> or <i title="">authenticate</i>.</p>
+-->
</li>
@@ -75439,7 +75446,7 @@
</dl>
<hr>
-<!--
+<!--(v2-redirect)
redirect support
we should probably reintroduce this at some point, with the
multi-origin semantics described in [ORIGIN] applying. (http-origin)
@@ -75495,9 +75502,10 @@
<dd>Ignore it.</dd>
</dl>
+-->
+<!--(v2-ws-auth)
<hr>
--->
<p>If <var title="">mode</var> is <i title="">authenticate</i>,
then: If there is not exactly one entry in the <var
@@ -75517,11 +75525,11 @@
not already done so) and jump back to the step labeled
<i>connect</i>, including the relevant authentication headers in
the new request.
-<!--END complete-->
+--><!--END complete--><!--
<a href="#refsRFC2616">[RFC2616]</a>
-<!--START complete--><!--END websocket-protocol-->
+--><!--START complete--><!--END websocket-protocol--><!--
<a href="#refsHTTP">[HTTP]</a>
-<!--START websocket-protocol-->
+--><!--START websocket-protocol--><!--
</p></dd>
<dt>Any other name</dt>
@@ -75529,6 +75537,7 @@
<dd>Ignore it.</dd>
</dl>
+-->
</li>
@@ -75847,8 +75856,8 @@
<dd>
<p>Other fields can be used, such as "<code
- title="">Cookie</code>" or "<code>Authorization</code>", for
- authentication purposes.</p>
+ title="">Cookie</code>"<!--(v2-ws-auth) or
+ "<code>Authorization</code>"-->, for authentication purposes.</p>
</dd>
More information about the Commit-Watchers
mailing list