[whatwg] WebSockets: origin

Simon Pieters simonp at opera.com
Thu Apr 8 00:58:54 PDT 2010

WebSockets constructor:

4. Let origin be the ASCII serialization of the origin of the script that  
invoked the WebSocket() constructor, converted to ASCII lowercase.
6. Establish a WebSocket connection...

which says

13. Add the string consisting of the concatenation of the string  
"Origin:", a U+0020 SPACE character, and the origin value, converted to  
ASCII lowercase, to fields.
41. ...
If the entry's name is "sec-websocket-origin"
If the value is not exactly equal to origin, converted to ASCII lowercase,  
then fail the WebSocket connection and abort these steps. [ORIGIN]

Isn't it enough to convert it to lowercase once, in the constructor?

Sending the server's opening handshake says

The ASCII serialization of the origin that the server is willing to  
communicate with. If the server can respond to requests from multiple  
origins (or indeed, all origins), then the value should be derived from  
the client's handshake, specifically from the "Origin" field. [ORIGIN]

Shouldn't the server convert the origin to lowercase if that's the format  
the client expects? Or should the client accept case-insensitive origin  

Simon Pieters
Opera Software

More information about the whatwg mailing list