Module web_socket::handshake

Expand description

Client handshake request

A client sends a handshake request to the server. It includes the following information:

GET /chat HTTP/1.1
Host: example.com:8000
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Sec-WebSocket-Version: 13

The server must be careful to understand everything the client asks for, otherwise security issues can occur. If any header is not understood or has an incorrect value, the server should send a 400 (“Bad Request”)} response and immediately close the socket.

Tips

All browsers send an Origin header. You can use this header for security (checking for same origin, automatically allowing or denying, etc.) and send a 403 Forbidden if you don’t like what you see. However, be warned that non-browser agents can send a faked Origin. Most applications reject requests without this header.

Any http headers is allowed. (Do whatever you want with them)

Note

HTTP version must be 1.1 or greater, and method must be GET
Host header field containing the server’s authority.
Upgrade header field containing the value "websocket"
Connection header field that includes the token "Upgrade"
Sec-WebSocket-Version header field containing the value 13
Sec-WebSocket-Key header field with a base64-encoded value that, when decoded, is 16 bytes in length.
Request may include any other header fields, for example, cookies and/or authentication-related header fields.
Optionally, Origin header field. This header field is sent by all browser clients.

Constants

MAGIC_STRING
WebSocket magic string used during the WebSocket handshake

Functions

accept_key_from
Example
request
Example
response
Server handshake response