[html5] r4828 - [t] (0) Allow server to specify cookie-related fields. (Editorial: Also, change [...]

whatwg at whatwg.org whatwg at whatwg.org
Thu Mar 4 17:56:02 PST 2010


Author: ianh
Date: 2010-03-04 17:56:01 -0800 (Thu, 04 Mar 2010)
New Revision: 4828

Modified:
   complete.html
   source
Log:
[t] (0) Allow server to specify cookie-related fields. (Editorial: Also, change the server-side rules to use <sub> like the client-side rules.)

Modified: complete.html
===================================================================
--- complete.html	2010-03-05 01:37:44 UTC (rev 4827)
+++ complete.html	2010-03-05 01:56:01 UTC (rev 4828)
@@ -67613,7 +67613,7 @@
   client's handshake to verify the correctness of the values.</p>
 
   <p>Option fields can also be included. In this version of the
-  protocol, the only option field is <code title=http-sec-websocket-protocol><a href=#sec-websocket-protocol>Sec-WebSocket-Protocol</a></code>,
+  protocol, the main option field is <code title=http-sec-websocket-protocol><a href=#sec-websocket-protocol>Sec-WebSocket-Protocol</a></code>,
   which indicates the subprotocol that the server speaks. Web browsers
   verify that the server included the same value as was specified in
   the <code><a href=#websocket>WebSocket</a></code> constructor, so a server that speaks
@@ -67622,6 +67622,9 @@
 
   <pre>Sec-WebSocket-Protocol: chat</pre>
 
+  <p>The server can also set cookie-related option fields to
+  <em>set</em> cookies, as in HTTP.</p>
+
   <p>After the fields, the server sends the aforementioned MD5 sum, a
   16 byte (128 bit) value, shown here as if interpreted as ASCII:</p>
 
@@ -69158,17 +69161,17 @@
      value. The empty string is not the same as the null value for
      these purposes.</dd>
 
-     <dt><var title="">key1</var></dt>
+     <dt><var title="">key<sub title="">1</sub></var></dt>
 
      <dd>The value of the "<code title=http-sec-websocket-key1><a href=#sec-websocket-key1-and-sec-websocket-key2>Sec-WebSocket-Key1</a></code>"
      field in the client's handshake.</dd>
 
-     <dt><var title="">key2</var></dt>
+     <dt><var title="">key<sub title="">2</sub></var></dt>
 
      <dd>The value of the "<code title=http-sec-websocket-key2><a href=#sec-websocket-key1-and-sec-websocket-key2>Sec-WebSocket-Key2</a></code>"
      field in the client's handshake.</dd>
 
-     <dt><var title="">key3</var></dt>
+     <dt><var title="">key<sub title="">3</sub></var></dt>
 
      <dd>The eight random bytes sent after the first 0x0D 0x0A 0x0D
      0x0A sequence in the client's handshake.</dd>
@@ -69185,15 +69188,15 @@
 
    <li>
 
-    <p>Let <var title="">key1-number</var> be the digits (characters
+    <p>Let <var title="">key-number<sub title="">1</sub></var> be the digits (characters
     in the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9)) in
-    <var title="">key1</var>, interpreted as a base ten integer,
-    ignoring all other characters in <var title="">key1</var>.</p>
+    <var title="">key<sub title="">1</sub></var>, interpreted as a base ten integer,
+    ignoring all other characters in <var title="">key<sub title="">1</sub></var>.</p>
 
-    <p>Let <var title="">key2-number</var> be the digits (characters
+    <p>Let <var title="">key-number<sub title="">2</sub></var> be the digits (characters
     in the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9)) in
-    <var title="">key2</var>, interpreted as a base ten integer,
-    ignoring all other characters in <var title="">key2</var>.</p>
+    <var title="">key<sub title="">2</sub></var>, interpreted as a base ten integer,
+    ignoring all other characters in <var title="">key<sub title="">2</sub></var>.</p>
 
     <div class=example>
 
@@ -69209,11 +69212,11 @@
 
 WjN}|M(6</pre>
 
-     <p>The <var title="">key1-number</var> would be the number
-     3,626,341,780, and the <var title="">key2-number</var> would be
+     <p>The <var title="">key-number<sub title="">1</sub></var> would be the number
+     3,626,341,780, and the <var title="">key-number<sub title="">2</sub></var> would be
      the number 1,799,227,390.</p>
 
-     <p>In this example, incidentally, <var title="">key3</var> is
+     <p>In this example, incidentally, <var title="">key<sub title="">3</sub></var> is
      "WjN}|M(6", or 0x57 0x6A 0x4E 0x7D 0x7C 0x4D 0x28 0x36.</p>
 
     </div>
@@ -69222,29 +69225,29 @@
 
    <li>
 
-    <p>Let <var title="">spaces1</var> be the number of U+0020 SPACE
-    characters in <var title="">key1</var>.</p>
+    <p>Let <var title="">spaces<sub title="">1</sub></var> be the number of U+0020 SPACE
+    characters in <var title="">key<sub title="">1</sub></var>.</p>
 
-    <p>Let <var title="">spaces2</var> be the number of U+0020 SPACE
-    characters in <var title="">key2</var>.</p>
+    <p>Let <var title="">spaces<sub title="">2</sub></var> be the number of U+0020 SPACE
+    characters in <var title="">key<sub title="">2</sub></var>.</p>
 
-    <p>If either <var title="">spaces1</var> or <var title="">spaces2</var> is zero, then <a href=#abort-the-websocket-connection>abort the WebSocket
+    <p>If either <var title="">spaces<sub title="">1</sub></var> or <var title="">spaces<sub title="">2</sub></var> is zero, then <a href=#abort-the-websocket-connection>abort the WebSocket
     connection</a>. This is a symptom of a cross-protocol
     attack.</p>
 
-    <p class=example>In the example above, <var title="">spaces1</var> would be 4 and <var title="">spaces2</var>
+    <p class=example>In the example above, <var title="">spaces<sub title="">1</sub></var> would be 4 and <var title="">spaces<sub title="">2</sub></var>
     would be 10.</p>
 
    </li>
 
    <li>
 
-    <p>If <var title="">key1-number</var> is not an integral multiple
-    of <var title="">spaces1</var>, then <a href=#abort-the-websocket-connection>abort the WebSocket
+    <p>If <var title="">key-number<sub title="">1</sub></var> is not an integral multiple
+    of <var title="">spaces<sub title="">1</sub></var>, then <a href=#abort-the-websocket-connection>abort the WebSocket
     connection</a>.</p>
 
-    <p>If <var title="">key2-number</var> is not an integral multiple
-    of <var title="">spaces2</var>, then <a href=#abort-the-websocket-connection>abort the WebSocket
+    <p>If <var title="">key-number<sub title="">2</sub></var> is not an integral multiple
+    of <var title="">spaces<sub title="">2</sub></var>, then <a href=#abort-the-websocket-connection>abort the WebSocket
     connection</a>.</p>
 
     <p class=note>This can only happen if the client is not a
@@ -69254,21 +69257,21 @@
 
    <li>
 
-    <p>Let <var title="">part1</var> be <var title="">key1-number</var> divided by <var title="">spaces1</var>.</p>
+    <p>Let <var title="">part<sub title="">1</sub></var> be <var title="">key-number<sub title="">1</sub></var> divided by <var title="">spaces<sub title="">1</sub></var>.</p>
 
-    <p>Let <var title="">part2</var> be <var title="">key2-number</var> divided by <var title="">spaces2</var>.</p>
+    <p>Let <var title="">part<sub title="">2</sub></var> be <var title="">key-number<sub title="">2</sub></var> divided by <var title="">spaces<sub title="">2</sub></var>.</p>
 
-    <p class=example>In the example above, <var title="">part1</var>
-    would be 906,585,445 and <var title="">part2</var> would be
+    <p class=example>In the example above, <var title="">part<sub title="">1</sub></var>
+    would be 906,585,445 and <var title="">part<sub title="">2</sub></var> would be
     179,922,739.</p>
 
    </li>
 
    <li>
 
-    <p>Let <var title="">challenge</var> be the concatenation of <var title="">part1</var>, expressed as a big-endian 32 bit integer,
-    <var title="">part2</var>, expressed as a big-endian 32 bit
-    integer, and the eight bytes of <var title="">key3</var> in the
+    <p>Let <var title="">challenge</var> be the concatenation of <var title="">part<sub title="">1</sub></var>, expressed as a big-endian 32 bit integer,
+    <var title="">part<sub title="">2</sub></var>, expressed as a big-endian 32 bit
+    integer, and the eight bytes of <var title="">key<sub title="">3</sub></var> in the
     order they were sent on the wire.</p>
 
     <!--
@@ -69347,8 +69350,15 @@
 
      </dd>
 
-    </dl></li>
+    </dl><p>Optionally, include "<code title=http-setcookie>Set-Cookie</code>", "<code title=http-setcookie2>Set-Cookie2</code>", or other
+    cookie-related fields, with values equal to the values that would
+    be used for the identically named HTTP headers.
+     <a href=#refsCOOKIES>[COOKIES]</a>
 
+    </p>
+
+   </li>
+
    <li>
 
     <p>Send two bytes 0x0D 0x0A (ASCII CRLF).</p>

Modified: source
===================================================================
--- source	2010-03-05 01:37:44 UTC (rev 4827)
+++ source	2010-03-05 01:56:01 UTC (rev 4828)
@@ -75998,7 +75998,7 @@
   client's handshake to verify the correctness of the values.</p>
 
   <p>Option fields can also be included. In this version of the
-  protocol, the only option field is <code
+  protocol, the main option field is <code
   title="http-sec-websocket-protocol">Sec-WebSocket-Protocol</code>,
   which indicates the subprotocol that the server speaks. Web browsers
   verify that the server included the same value as was specified in
@@ -76008,6 +76008,9 @@
 
   <pre>Sec-WebSocket-Protocol: chat</pre>
 
+  <p>The server can also set cookie-related option fields to
+  <em>set</em> cookies, as in HTTP.</p>
+
   <p>After the fields, the server sends the aforementioned MD5 sum, a
   16 byte (128 bit) value, shown here as if interpreted as ASCII:</p>
 
@@ -77763,19 +77766,19 @@
      value. The empty string is not the same as the null value for
      these purposes.</dd>
 
-     <dt><var title="">key1</var></dt>
+     <dt><var title="">key<sub title="">1</sub></var></dt>
 
      <dd>The value of the "<code
      title="http-sec-websocket-key1">Sec-WebSocket-Key1</code>"
      field in the client's handshake.</dd>
 
-     <dt><var title="">key2</var></dt>
+     <dt><var title="">key<sub title="">2</sub></var></dt>
 
      <dd>The value of the "<code
      title="http-sec-websocket-key2">Sec-WebSocket-Key2</code>"
      field in the client's handshake.</dd>
 
-     <dt><var title="">key3</var></dt>
+     <dt><var title="">key<sub title="">3</sub></var></dt>
 
      <dd>The eight random bytes sent after the first 0x0D 0x0A 0x0D
      0x0A sequence in the client's handshake.</dd>
@@ -77796,15 +77799,15 @@
 
    <li>
 
-    <p>Let <var title="">key1-number</var> be the digits (characters
+    <p>Let <var title="">key-number<sub title="">1</sub></var> be the digits (characters
     in the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9)) in
-    <var title="">key1</var>, interpreted as a base ten integer,
-    ignoring all other characters in <var title="">key1</var>.</p>
+    <var title="">key<sub title="">1</sub></var>, interpreted as a base ten integer,
+    ignoring all other characters in <var title="">key<sub title="">1</sub></var>.</p>
 
-    <p>Let <var title="">key2-number</var> be the digits (characters
+    <p>Let <var title="">key-number<sub title="">2</sub></var> be the digits (characters
     in the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9)) in
-    <var title="">key2</var>, interpreted as a base ten integer,
-    ignoring all other characters in <var title="">key2</var>.</p>
+    <var title="">key<sub title="">2</sub></var>, interpreted as a base ten integer,
+    ignoring all other characters in <var title="">key<sub title="">2</sub></var>.</p>
 
     <div class="example">
 
@@ -77820,11 +77823,11 @@
 
 WjN}|M(6</pre>
 
-     <p>The <var title="">key1-number</var> would be the number
-     3,626,341,780, and the <var title="">key2-number</var> would be
+     <p>The <var title="">key-number<sub title="">1</sub></var> would be the number
+     3,626,341,780, and the <var title="">key-number<sub title="">2</sub></var> would be
      the number 1,799,227,390.</p>
 
-     <p>In this example, incidentally, <var title="">key3</var> is
+     <p>In this example, incidentally, <var title="">key<sub title="">3</sub></var> is
      "WjN}|M(6", or 0x57 0x6A 0x4E 0x7D 0x7C 0x4D 0x28 0x36.</p>
 
     </div>
@@ -77833,31 +77836,31 @@
 
    <li>
 
-    <p>Let <var title="">spaces1</var> be the number of U+0020 SPACE
-    characters in <var title="">key1</var>.</p>
+    <p>Let <var title="">spaces<sub title="">1</sub></var> be the number of U+0020 SPACE
+    characters in <var title="">key<sub title="">1</sub></var>.</p>
 
-    <p>Let <var title="">spaces2</var> be the number of U+0020 SPACE
-    characters in <var title="">key2</var>.</p>
+    <p>Let <var title="">spaces<sub title="">2</sub></var> be the number of U+0020 SPACE
+    characters in <var title="">key<sub title="">2</sub></var>.</p>
 
-    <p>If either <var title="">spaces1</var> or <var
-    title="">spaces2</var> is zero, then <span>abort the WebSocket
+    <p>If either <var title="">spaces<sub title="">1</sub></var> or <var
+    title="">spaces<sub title="">2</sub></var> is zero, then <span>abort the WebSocket
     connection</span>. This is a symptom of a cross-protocol
     attack.</p>
 
     <p class="example">In the example above, <var
-    title="">spaces1</var> would be 4 and <var title="">spaces2</var>
+    title="">spaces<sub title="">1</sub></var> would be 4 and <var title="">spaces<sub title="">2</sub></var>
     would be 10.</p>
 
    </li>
 
    <li>
 
-    <p>If <var title="">key1-number</var> is not an integral multiple
-    of <var title="">spaces1</var>, then <span>abort the WebSocket
+    <p>If <var title="">key-number<sub title="">1</sub></var> is not an integral multiple
+    of <var title="">spaces<sub title="">1</sub></var>, then <span>abort the WebSocket
     connection</span>.</p>
 
-    <p>If <var title="">key2-number</var> is not an integral multiple
-    of <var title="">spaces2</var>, then <span>abort the WebSocket
+    <p>If <var title="">key-number<sub title="">2</sub></var> is not an integral multiple
+    of <var title="">spaces<sub title="">2</sub></var>, then <span>abort the WebSocket
     connection</span>.</p>
 
     <p class="note">This can only happen if the client is not a
@@ -77867,14 +77870,14 @@
 
    <li>
 
-    <p>Let <var title="">part1</var> be <var
-    title="">key1-number</var> divided by <var title="">spaces1</var>.</p>
+    <p>Let <var title="">part<sub title="">1</sub></var> be <var
+    title="">key-number<sub title="">1</sub></var> divided by <var title="">spaces<sub title="">1</sub></var>.</p>
 
-    <p>Let <var title="">part2</var> be <var
-    title="">key2-number</var> divided by <var title="">spaces2</var>.</p>
+    <p>Let <var title="">part<sub title="">2</sub></var> be <var
+    title="">key-number<sub title="">2</sub></var> divided by <var title="">spaces<sub title="">2</sub></var>.</p>
 
-    <p class="example">In the example above, <var title="">part1</var>
-    would be 906,585,445 and <var title="">part2</var> would be
+    <p class="example">In the example above, <var title="">part<sub title="">1</sub></var>
+    would be 906,585,445 and <var title="">part<sub title="">2</sub></var> would be
     179,922,739.</p>
 
    </li>
@@ -77882,9 +77885,9 @@
    <li>
 
     <p>Let <var title="">challenge</var> be the concatenation of <var
-    title="">part1</var>, expressed as a big-endian 32 bit integer,
-    <var title="">part2</var>, expressed as a big-endian 32 bit
-    integer, and the eight bytes of <var title="">key3</var> in the
+    title="">part<sub title="">1</sub></var>, expressed as a big-endian 32 bit integer,
+    <var title="">part<sub title="">2</sub></var>, expressed as a big-endian 32 bit
+    integer, and the eight bytes of <var title="">key<sub title="">3</sub></var> in the
     order they were sent on the wire.</p>
 
     <!--
@@ -77970,6 +77973,19 @@
 
     </dl>
 
+    <p>Optionally, include "<code
+    title="http-setcookie">Set-Cookie</code>", "<code
+    title="http-setcookie2">Set-Cookie2</code>", or other
+    cookie-related fields, with values equal to the values that would
+    be used for the identically named HTTP headers.
+<!--END complete-->
+     <a href="#refsRFC2109">[RFC2109]</a>
+     <a href="#refsRFC2965">[RFC2965]</a>
+<!--START complete--><!--END websocket-protocol-->
+     <a href="#refsCOOKIES">[COOKIES]</a>
+<!--START websocket-protocol-->
+    </p>
+
    </li>
 
    <li>




More information about the Commit-Watchers mailing list