[whatwg] WebSockets: origin
simonp at opera.com
Thu Apr 8 00:58:54 PDT 2010
4. Let origin be the ASCII serialization of the origin of the script that
invoked the WebSocket() constructor, converted to ASCII lowercase.
6. Establish a WebSocket connection...
13. Add the string consisting of the concatenation of the string
"Origin:", a U+0020 SPACE character, and the origin value, converted to
ASCII lowercase, to fields.
If the entry's name is "sec-websocket-origin"
If the value is not exactly equal to origin, converted to ASCII lowercase,
then fail the WebSocket connection and abort these steps. [ORIGIN]
Isn't it enough to convert it to lowercase once, in the constructor?
Sending the server's opening handshake says
The ASCII serialization of the origin that the server is willing to
communicate with. If the server can respond to requests from multiple
origins (or indeed, all origins), then the value should be derived from
the client's handshake, specifically from the "Origin" field. [ORIGIN]
Shouldn't the server convert the origin to lowercase if that's the format
the client expects? Or should the client accept case-insensitive origin
More information about the whatwg