[whatwg] WebSocket handshake: 0x0D in first "line"

Simon Pieters simonp at opera.com
Fri May 7 02:53:04 PDT 2010

establish a WebSocket connection

28. Read bytes from the server until either the connection closes, or a  
0x0A byte is read. Let field be these bytes, including the 0x0A byte.

If field is not at least seven bytes long, or if the last two bytes aren't  
0x0D and 0x0A respectively, or if it does not contain at least two 0x20  
bytes, then fail the WebSocket connection and abort these steps.

User agents may apply a timeout to this step, failing the WebSocket  
connection if the server does not send back data in a suitable time period.

29. Let code be the substring of field that starts from the byte after the  
first 0x20 byte, and ends with the byte before the second 0x20 byte.

This makes it possible for servers to include 0x0D bytes before and after  
the status code, and potentially trick broken clients that aren't so fuzzy  
with new lines to misinterpret the handshake. Maybe we should read ahead  
to the first 0x0D byte and check if the next byte is 0x0A instead.

Simon Pieters
Opera Software

More information about the whatwg mailing list