I have a WIP patch that updates [nsWSAdmissionManager](https://searchfox.org/mozilla-central/rev/183b0cfc30f2d40f818a08cbea960f6119e2d196/netwerk/protocol/websocket/WebSocketChannel.cpp#283-291) to double key the pending connection queue by address (host or IP) and origin attributes of the caller. To do this I'm adding an additional member, the origin suffix containing the partitionKey, to `nsOpenConn` here: https://searchfox.org/mozilla-central/rev/183b0cfc30f2d40f818a08cbea960f6119e2d196/netwerk/protocol/websocket/WebSocketChannel.cpp#456 Dragana, do you think this approach is reasonable? I agree with Anne here, that DoS isn't that problematic since we still have a limit per top level site and endpoint IP. However, we are deviating form the standard a bit.
Bug 1713748 Comment 2 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
I have a WIP patch that updates [nsWSAdmissionManager](https://searchfox.org/mozilla-central/rev/183b0cfc30f2d40f818a08cbea960f6119e2d196/netwerk/protocol/websocket/WebSocketChannel.cpp#283-291) to double key the pending connection queue by address (host or IP) and origin attributes of the caller. To do this I'm adding an additional member, the origin suffix containing the partitionKey, to `nsOpenConn` here: https://searchfox.org/mozilla-central/rev/183b0cfc30f2d40f818a08cbea960f6119e2d196/netwerk/protocol/websocket/WebSocketChannel.cpp#456 Dragana, do you think this approach is reasonable? I agree with Anne here, that DoS isn't that problematic since we still have a limit per top level site and endpoint IP. However, we are deviating from the standard a bit.