[html5] r4828 - [t] (0) Allow server to specify cookie-related fields. (Editorial: Also, change [...]
whatwg at whatwg.org
whatwg at whatwg.org
Thu Mar 4 17:56:02 PST 2010
Author: ianh
Date: 2010-03-04 17:56:01 -0800 (Thu, 04 Mar 2010)
New Revision: 4828
Modified:
complete.html
source
Log:
[t] (0) Allow server to specify cookie-related fields. (Editorial: Also, change the server-side rules to use <sub> like the client-side rules.)
Modified: complete.html
===================================================================
--- complete.html 2010-03-05 01:37:44 UTC (rev 4827)
+++ complete.html 2010-03-05 01:56:01 UTC (rev 4828)
@@ -67613,7 +67613,7 @@
client's handshake to verify the correctness of the values.</p>
<p>Option fields can also be included. In this version of the
- protocol, the only option field is <code title=http-sec-websocket-protocol><a href=#sec-websocket-protocol>Sec-WebSocket-Protocol</a></code>,
+ protocol, the main option field is <code title=http-sec-websocket-protocol><a href=#sec-websocket-protocol>Sec-WebSocket-Protocol</a></code>,
which indicates the subprotocol that the server speaks. Web browsers
verify that the server included the same value as was specified in
the <code><a href=#websocket>WebSocket</a></code> constructor, so a server that speaks
@@ -67622,6 +67622,9 @@
<pre>Sec-WebSocket-Protocol: chat</pre>
+ <p>The server can also set cookie-related option fields to
+ <em>set</em> cookies, as in HTTP.</p>
+
<p>After the fields, the server sends the aforementioned MD5 sum, a
16 byte (128 bit) value, shown here as if interpreted as ASCII:</p>
@@ -69158,17 +69161,17 @@
value. The empty string is not the same as the null value for
these purposes.</dd>
- <dt><var title="">key1</var></dt>
+ <dt><var title="">key<sub title="">1</sub></var></dt>
<dd>The value of the "<code title=http-sec-websocket-key1><a href=#sec-websocket-key1-and-sec-websocket-key2>Sec-WebSocket-Key1</a></code>"
field in the client's handshake.</dd>
- <dt><var title="">key2</var></dt>
+ <dt><var title="">key<sub title="">2</sub></var></dt>
<dd>The value of the "<code title=http-sec-websocket-key2><a href=#sec-websocket-key1-and-sec-websocket-key2>Sec-WebSocket-Key2</a></code>"
field in the client's handshake.</dd>
- <dt><var title="">key3</var></dt>
+ <dt><var title="">key<sub title="">3</sub></var></dt>
<dd>The eight random bytes sent after the first 0x0D 0x0A 0x0D
0x0A sequence in the client's handshake.</dd>
@@ -69185,15 +69188,15 @@
<li>
- <p>Let <var title="">key1-number</var> be the digits (characters
+ <p>Let <var title="">key-number<sub title="">1</sub></var> be the digits (characters
in the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9)) in
- <var title="">key1</var>, interpreted as a base ten integer,
- ignoring all other characters in <var title="">key1</var>.</p>
+ <var title="">key<sub title="">1</sub></var>, interpreted as a base ten integer,
+ ignoring all other characters in <var title="">key<sub title="">1</sub></var>.</p>
- <p>Let <var title="">key2-number</var> be the digits (characters
+ <p>Let <var title="">key-number<sub title="">2</sub></var> be the digits (characters
in the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9)) in
- <var title="">key2</var>, interpreted as a base ten integer,
- ignoring all other characters in <var title="">key2</var>.</p>
+ <var title="">key<sub title="">2</sub></var>, interpreted as a base ten integer,
+ ignoring all other characters in <var title="">key<sub title="">2</sub></var>.</p>
<div class=example>
@@ -69209,11 +69212,11 @@
WjN}|M(6</pre>
- <p>The <var title="">key1-number</var> would be the number
- 3,626,341,780, and the <var title="">key2-number</var> would be
+ <p>The <var title="">key-number<sub title="">1</sub></var> would be the number
+ 3,626,341,780, and the <var title="">key-number<sub title="">2</sub></var> would be
the number 1,799,227,390.</p>
- <p>In this example, incidentally, <var title="">key3</var> is
+ <p>In this example, incidentally, <var title="">key<sub title="">3</sub></var> is
"WjN}|M(6", or 0x57 0x6A 0x4E 0x7D 0x7C 0x4D 0x28 0x36.</p>
</div>
@@ -69222,29 +69225,29 @@
<li>
- <p>Let <var title="">spaces1</var> be the number of U+0020 SPACE
- characters in <var title="">key1</var>.</p>
+ <p>Let <var title="">spaces<sub title="">1</sub></var> be the number of U+0020 SPACE
+ characters in <var title="">key<sub title="">1</sub></var>.</p>
- <p>Let <var title="">spaces2</var> be the number of U+0020 SPACE
- characters in <var title="">key2</var>.</p>
+ <p>Let <var title="">spaces<sub title="">2</sub></var> be the number of U+0020 SPACE
+ characters in <var title="">key<sub title="">2</sub></var>.</p>
- <p>If either <var title="">spaces1</var> or <var title="">spaces2</var> is zero, then <a href=#abort-the-websocket-connection>abort the WebSocket
+ <p>If either <var title="">spaces<sub title="">1</sub></var> or <var title="">spaces<sub title="">2</sub></var> is zero, then <a href=#abort-the-websocket-connection>abort the WebSocket
connection</a>. This is a symptom of a cross-protocol
attack.</p>
- <p class=example>In the example above, <var title="">spaces1</var> would be 4 and <var title="">spaces2</var>
+ <p class=example>In the example above, <var title="">spaces<sub title="">1</sub></var> would be 4 and <var title="">spaces<sub title="">2</sub></var>
would be 10.</p>
</li>
<li>
- <p>If <var title="">key1-number</var> is not an integral multiple
- of <var title="">spaces1</var>, then <a href=#abort-the-websocket-connection>abort the WebSocket
+ <p>If <var title="">key-number<sub title="">1</sub></var> is not an integral multiple
+ of <var title="">spaces<sub title="">1</sub></var>, then <a href=#abort-the-websocket-connection>abort the WebSocket
connection</a>.</p>
- <p>If <var title="">key2-number</var> is not an integral multiple
- of <var title="">spaces2</var>, then <a href=#abort-the-websocket-connection>abort the WebSocket
+ <p>If <var title="">key-number<sub title="">2</sub></var> is not an integral multiple
+ of <var title="">spaces<sub title="">2</sub></var>, then <a href=#abort-the-websocket-connection>abort the WebSocket
connection</a>.</p>
<p class=note>This can only happen if the client is not a
@@ -69254,21 +69257,21 @@
<li>
- <p>Let <var title="">part1</var> be <var title="">key1-number</var> divided by <var title="">spaces1</var>.</p>
+ <p>Let <var title="">part<sub title="">1</sub></var> be <var title="">key-number<sub title="">1</sub></var> divided by <var title="">spaces<sub title="">1</sub></var>.</p>
- <p>Let <var title="">part2</var> be <var title="">key2-number</var> divided by <var title="">spaces2</var>.</p>
+ <p>Let <var title="">part<sub title="">2</sub></var> be <var title="">key-number<sub title="">2</sub></var> divided by <var title="">spaces<sub title="">2</sub></var>.</p>
- <p class=example>In the example above, <var title="">part1</var>
- would be 906,585,445 and <var title="">part2</var> would be
+ <p class=example>In the example above, <var title="">part<sub title="">1</sub></var>
+ would be 906,585,445 and <var title="">part<sub title="">2</sub></var> would be
179,922,739.</p>
</li>
<li>
- <p>Let <var title="">challenge</var> be the concatenation of <var title="">part1</var>, expressed as a big-endian 32 bit integer,
- <var title="">part2</var>, expressed as a big-endian 32 bit
- integer, and the eight bytes of <var title="">key3</var> in the
+ <p>Let <var title="">challenge</var> be the concatenation of <var title="">part<sub title="">1</sub></var>, expressed as a big-endian 32 bit integer,
+ <var title="">part<sub title="">2</sub></var>, expressed as a big-endian 32 bit
+ integer, and the eight bytes of <var title="">key<sub title="">3</sub></var> in the
order they were sent on the wire.</p>
<!--
@@ -69347,8 +69350,15 @@
</dd>
- </dl></li>
+ </dl><p>Optionally, include "<code title=http-setcookie>Set-Cookie</code>", "<code title=http-setcookie2>Set-Cookie2</code>", or other
+ cookie-related fields, with values equal to the values that would
+ be used for the identically named HTTP headers.
+ <a href=#refsCOOKIES>[COOKIES]</a>
+ </p>
+
+ </li>
+
<li>
<p>Send two bytes 0x0D 0x0A (ASCII CRLF).</p>
Modified: source
===================================================================
--- source 2010-03-05 01:37:44 UTC (rev 4827)
+++ source 2010-03-05 01:56:01 UTC (rev 4828)
@@ -75998,7 +75998,7 @@
client's handshake to verify the correctness of the values.</p>
<p>Option fields can also be included. In this version of the
- protocol, the only option field is <code
+ protocol, the main option field is <code
title="http-sec-websocket-protocol">Sec-WebSocket-Protocol</code>,
which indicates the subprotocol that the server speaks. Web browsers
verify that the server included the same value as was specified in
@@ -76008,6 +76008,9 @@
<pre>Sec-WebSocket-Protocol: chat</pre>
+ <p>The server can also set cookie-related option fields to
+ <em>set</em> cookies, as in HTTP.</p>
+
<p>After the fields, the server sends the aforementioned MD5 sum, a
16 byte (128 bit) value, shown here as if interpreted as ASCII:</p>
@@ -77763,19 +77766,19 @@
value. The empty string is not the same as the null value for
these purposes.</dd>
- <dt><var title="">key1</var></dt>
+ <dt><var title="">key<sub title="">1</sub></var></dt>
<dd>The value of the "<code
title="http-sec-websocket-key1">Sec-WebSocket-Key1</code>"
field in the client's handshake.</dd>
- <dt><var title="">key2</var></dt>
+ <dt><var title="">key<sub title="">2</sub></var></dt>
<dd>The value of the "<code
title="http-sec-websocket-key2">Sec-WebSocket-Key2</code>"
field in the client's handshake.</dd>
- <dt><var title="">key3</var></dt>
+ <dt><var title="">key<sub title="">3</sub></var></dt>
<dd>The eight random bytes sent after the first 0x0D 0x0A 0x0D
0x0A sequence in the client's handshake.</dd>
@@ -77796,15 +77799,15 @@
<li>
- <p>Let <var title="">key1-number</var> be the digits (characters
+ <p>Let <var title="">key-number<sub title="">1</sub></var> be the digits (characters
in the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9)) in
- <var title="">key1</var>, interpreted as a base ten integer,
- ignoring all other characters in <var title="">key1</var>.</p>
+ <var title="">key<sub title="">1</sub></var>, interpreted as a base ten integer,
+ ignoring all other characters in <var title="">key<sub title="">1</sub></var>.</p>
- <p>Let <var title="">key2-number</var> be the digits (characters
+ <p>Let <var title="">key-number<sub title="">2</sub></var> be the digits (characters
in the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9)) in
- <var title="">key2</var>, interpreted as a base ten integer,
- ignoring all other characters in <var title="">key2</var>.</p>
+ <var title="">key<sub title="">2</sub></var>, interpreted as a base ten integer,
+ ignoring all other characters in <var title="">key<sub title="">2</sub></var>.</p>
<div class="example">
@@ -77820,11 +77823,11 @@
WjN}|M(6</pre>
- <p>The <var title="">key1-number</var> would be the number
- 3,626,341,780, and the <var title="">key2-number</var> would be
+ <p>The <var title="">key-number<sub title="">1</sub></var> would be the number
+ 3,626,341,780, and the <var title="">key-number<sub title="">2</sub></var> would be
the number 1,799,227,390.</p>
- <p>In this example, incidentally, <var title="">key3</var> is
+ <p>In this example, incidentally, <var title="">key<sub title="">3</sub></var> is
"WjN}|M(6", or 0x57 0x6A 0x4E 0x7D 0x7C 0x4D 0x28 0x36.</p>
</div>
@@ -77833,31 +77836,31 @@
<li>
- <p>Let <var title="">spaces1</var> be the number of U+0020 SPACE
- characters in <var title="">key1</var>.</p>
+ <p>Let <var title="">spaces<sub title="">1</sub></var> be the number of U+0020 SPACE
+ characters in <var title="">key<sub title="">1</sub></var>.</p>
- <p>Let <var title="">spaces2</var> be the number of U+0020 SPACE
- characters in <var title="">key2</var>.</p>
+ <p>Let <var title="">spaces<sub title="">2</sub></var> be the number of U+0020 SPACE
+ characters in <var title="">key<sub title="">2</sub></var>.</p>
- <p>If either <var title="">spaces1</var> or <var
- title="">spaces2</var> is zero, then <span>abort the WebSocket
+ <p>If either <var title="">spaces<sub title="">1</sub></var> or <var
+ title="">spaces<sub title="">2</sub></var> is zero, then <span>abort the WebSocket
connection</span>. This is a symptom of a cross-protocol
attack.</p>
<p class="example">In the example above, <var
- title="">spaces1</var> would be 4 and <var title="">spaces2</var>
+ title="">spaces<sub title="">1</sub></var> would be 4 and <var title="">spaces<sub title="">2</sub></var>
would be 10.</p>
</li>
<li>
- <p>If <var title="">key1-number</var> is not an integral multiple
- of <var title="">spaces1</var>, then <span>abort the WebSocket
+ <p>If <var title="">key-number<sub title="">1</sub></var> is not an integral multiple
+ of <var title="">spaces<sub title="">1</sub></var>, then <span>abort the WebSocket
connection</span>.</p>
- <p>If <var title="">key2-number</var> is not an integral multiple
- of <var title="">spaces2</var>, then <span>abort the WebSocket
+ <p>If <var title="">key-number<sub title="">2</sub></var> is not an integral multiple
+ of <var title="">spaces<sub title="">2</sub></var>, then <span>abort the WebSocket
connection</span>.</p>
<p class="note">This can only happen if the client is not a
@@ -77867,14 +77870,14 @@
<li>
- <p>Let <var title="">part1</var> be <var
- title="">key1-number</var> divided by <var title="">spaces1</var>.</p>
+ <p>Let <var title="">part<sub title="">1</sub></var> be <var
+ title="">key-number<sub title="">1</sub></var> divided by <var title="">spaces<sub title="">1</sub></var>.</p>
- <p>Let <var title="">part2</var> be <var
- title="">key2-number</var> divided by <var title="">spaces2</var>.</p>
+ <p>Let <var title="">part<sub title="">2</sub></var> be <var
+ title="">key-number<sub title="">2</sub></var> divided by <var title="">spaces<sub title="">2</sub></var>.</p>
- <p class="example">In the example above, <var title="">part1</var>
- would be 906,585,445 and <var title="">part2</var> would be
+ <p class="example">In the example above, <var title="">part<sub title="">1</sub></var>
+ would be 906,585,445 and <var title="">part<sub title="">2</sub></var> would be
179,922,739.</p>
</li>
@@ -77882,9 +77885,9 @@
<li>
<p>Let <var title="">challenge</var> be the concatenation of <var
- title="">part1</var>, expressed as a big-endian 32 bit integer,
- <var title="">part2</var>, expressed as a big-endian 32 bit
- integer, and the eight bytes of <var title="">key3</var> in the
+ title="">part<sub title="">1</sub></var>, expressed as a big-endian 32 bit integer,
+ <var title="">part<sub title="">2</sub></var>, expressed as a big-endian 32 bit
+ integer, and the eight bytes of <var title="">key<sub title="">3</sub></var> in the
order they were sent on the wire.</p>
<!--
@@ -77970,6 +77973,19 @@
</dl>
+ <p>Optionally, include "<code
+ title="http-setcookie">Set-Cookie</code>", "<code
+ title="http-setcookie2">Set-Cookie2</code>", or other
+ cookie-related fields, with values equal to the values that would
+ be used for the identically named HTTP headers.
+<!--END complete-->
+ <a href="#refsRFC2109">[RFC2109]</a>
+ <a href="#refsRFC2965">[RFC2965]</a>
+<!--START complete--><!--END websocket-protocol-->
+ <a href="#refsCOOKIES">[COOKIES]</a>
+<!--START websocket-protocol-->
+ </p>
+
</li>
<li>
More information about the Commit-Watchers
mailing list