[html5] r4825 - [e] (0) Clarify that fields can be sent in a random order.

whatwg at whatwg.org whatwg at whatwg.org
Thu Mar 4 17:32:52 PST 2010


Author: ianh
Date: 2010-03-04 17:32:51 -0800 (Thu, 04 Mar 2010)
New Revision: 4825

Modified:
   complete.html
   source
Log:
[e] (0) Clarify that fields can be sent in a random order.

Modified: complete.html
===================================================================
--- complete.html	2010-03-04 20:55:17 UTC (rev 4824)
+++ complete.html	2010-03-05 01:32:51 UTC (rev 4825)
@@ -157,7 +157,7 @@
 
   <header class=head id=head><p><a class=logo href=http://www.whatwg.org/ rel=home><img alt=WHATWG src=/images/logo></a></p>
    <hgroup><h1>Web Applications 1.0</h1>
-    <h2 class="no-num no-toc">Draft Standard — 4 March 2010</h2>
+    <h2 class="no-num no-toc">Draft Standard — 5 March 2010</h2>
    </hgroup><p>You can take part in this work. <a href=http://www.whatwg.org/mailing-list>Join the working group's discussion list.</a></p>
    <p><strong>Web designers!</strong> We have a <a href=http://blog.whatwg.org/faq/>FAQ</a>, a <a href=http://forums.whatwg.org/>forum</a>, and a <a href=http://www.whatwg.org/mailing-list#help>help mailing list</a> for you!</p>
    <!--<p class="impl"><strong>Implementors!</strong> We have a <a href="http://www.whatwg.org/mailing-list#implementors">mailing list</a> for you too!</p>-->
@@ -67495,6 +67495,9 @@
 Upgrade: WebSocket
 Connection: Upgrade</pre>
 
+  <p>Fields in the handshake are sent by the client in a random order;
+  the order is not meaningful.</p>
+
   <p>Additional fields are used to select options in the WebSocket
   protocol. The only option available in this version is the
   subprotocol selector, <code title=http-sec-websocket-protocol><a href=#sec-websocket-protocol>Sec-WebSocket-Protocol</a></code>:</p>
@@ -67506,10 +67509,10 @@
   intends to use. The server echoes this field in its handshake to
   indicate that it supports that subprotocol.</p>
 
-  <p>The remainder of the handshake is all security-related. First,
-  the <code title=http-host>Host</code> field is used to protect
-  against DNS rebinding attacks and to allow multiple domains to be
-  served from one IP address.</p>
+  <p>The other fields in the handshake is all security-related.  The
+  <code title=http-host>Host</code> field is used to protect against
+  DNS rebinding attacks and to allow multiple domains to be served
+  from one IP address.</p>
 
   <pre>Host: example.com</pre>
 
@@ -67517,9 +67520,9 @@
   field of its handshake, so that both the client and the server can
   verify that they agree on which host is in use.</p>
 
-  <p>Second, the <code title=http-origin>Origin</code> field is
-  used to protect against unauthorized cross-origin use of a WebSocket
-  server by scripts using the <code><a href=#websocket>WebSocket</a></code> API in a Web
+  <p>The <code title=http-origin>Origin</code> field is used to
+  protect against unauthorized cross-origin use of a WebSocket server
+  by scripts using the <code><a href=#websocket>WebSocket</a></code> API in a Web
   browser. The server specifies which origin it is willing to receive
   requests from by including a <code title=http-sec-websocket-origin><a href=#sec-websocket-origin>Sec-WebSocket-Origin</a></code> field
   with that origin. If multiple origins are authorized, the server

Modified: source
===================================================================
--- source	2010-03-04 20:55:17 UTC (rev 4824)
+++ source	2010-03-05 01:32:51 UTC (rev 4825)
@@ -75871,6 +75871,9 @@
 Upgrade: WebSocket
 Connection: Upgrade</pre>
 
+  <p>Fields in the handshake are sent by the client in a random order;
+  the order is not meaningful.</p>
+
   <p>Additional fields are used to select options in the WebSocket
   protocol. The only option available in this version is the
   subprotocol selector, <code
@@ -75883,10 +75886,10 @@
   intends to use. The server echoes this field in its handshake to
   indicate that it supports that subprotocol.</p>
 
-  <p>The remainder of the handshake is all security-related. First,
-  the <code title="http-host">Host</code> field is used to protect
-  against DNS rebinding attacks and to allow multiple domains to be
-  served from one IP address.</p>
+  <p>The other fields in the handshake is all security-related.  The
+  <code title="http-host">Host</code> field is used to protect against
+  DNS rebinding attacks and to allow multiple domains to be served
+  from one IP address.</p>
 
   <pre>Host: example.com</pre>
 
@@ -75895,9 +75898,9 @@
   field of its handshake, so that both the client and the server can
   verify that they agree on which host is in use.</p>
 
-  <p>Second, the <code title="http-origin">Origin</code> field is
-  used to protect against unauthorized cross-origin use of a WebSocket
-  server by scripts using the <code>WebSocket</code> API in a Web
+  <p>The <code title="http-origin">Origin</code> field is used to
+  protect against unauthorized cross-origin use of a WebSocket server
+  by scripts using the <code>WebSocket</code> API in a Web
   browser. The server specifies which origin it is willing to receive
   requests from by including a <code
   title="http-sec-websocket-origin">Sec-WebSocket-Origin</code> field




More information about the Commit-Watchers mailing list