Closed
Bug 1040930
Opened 10 years ago
Closed 10 years ago
problems using websockets over https proxy
Categories
(Core :: Networking: WebSockets, defect)
Tracking
()
RESOLVED
FIXED
mozilla34
People
(Reporter: mcmanus, Assigned: mcmanus)
Details
Attachments
(4 files, 2 obsolete files)
|
8.94 KB,
patch
|
u408661
:
review+
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
|
2.88 KB,
patch
|
u408661
:
review+
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
|
1.95 KB,
patch
|
u408661
:
review+
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
|
3.01 KB,
patch
|
mcmanus
:
review+
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
note that we will proxy over https but only over h1. websockets requires the no-spdy flag (h2 doesn't implement upgrade to bootstrap it) and that flag is only implemented hop to hop right now in gecko. Theoretically we could tunnel a connect stream carrying h1 over an h2 proxy but we don't do that for ws. (we do sometimes do that, but we never prohibit h2 on it - that's just a result of the negotiation). the bugs here can be tested with a h1 https proxy such as squid.
|
Assignee | |
Comment 1•10 years ago
|
||
https://tbpl.mozilla.org/?tree=Try&rev=23bac7902be8
|
|
Assignee | |
Comment 2•10 years ago
|
||
From c7e490aba7c84093b9fb2afb00902737e3513e30 Mon Sep 17 00:00:00 2001 --- netwerk/protocol/http/TunnelUtils.cpp | 154 +++++++++++++++++++++++++++++ netwerk/protocol/http/TunnelUtils.h | 4 + netwerk/protocol/http/nsHttpConnection.cpp | 24 +++-- 3 files changed, 175 insertions(+), 7 deletions(-)
Attachment #8458899 -
Flags: review?(hurley)
|
|
Assignee | |
Comment 3•10 years ago
|
||
From d98cd4e34f664995dd8546eefd04dd696f2eb270 Mon Sep 17 00:00:00 2001 when proxying --- netwerk/protocol/http/nsHttpConnection.cpp | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-)
Attachment #8458901 -
Flags: review?(hurley)
|
|
Assignee | |
Comment 4•10 years ago
|
||
From af7f1374123d65800bb2d8cf904eb090b70ce940 Mon Sep 17 00:00:00 2001 --- netwerk/base/src/nsSocketTransport2.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
Attachment #8458902 -
Flags: review?(hurley)
|
|
Assignee | |
Comment 5•10 years ago
|
||
From 557dfd32f86e11efeaf412a552f33ffe5d0c8289 Mon Sep 17 00:00:00 2001 --- content/base/src/WebSocket.cpp | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-)
Attachment #8458903 -
Flags: review?(hurley)
|
|
Assignee | |
Comment 6•10 years ago
|
||
Comment on attachment 8458903 [details] [diff] [review] [PATCH 1/4] mixed content websockets should be based on scheme Review of attachment 8458903 [details] [diff] [review]: ----------------------------------------------------------------- the current approach doesn't work when the http:// resource is carried of a TLS session to a proxy.. it mis construes that as a https:// page.
Attachment #8458903 -
Flags: review?(hurley) → review?(bugs)
|
||
Comment 7•10 years ago
|
||
Comment on attachment 8458903 [details] [diff] [review] [PATCH 1/4] mixed content websockets should be based on scheme This doesn't look right either. Per the current spec "If secure is false but the origin specified by the entry settings object has a scheme component that is itself a secure protocol, e.g. HTTPS, then throw a SecurityError exception and abort these steps." The API to get entry settings object is in flux atm, so better to ask bholley how to get the right object. Perhaps GetWebIDLCallerPrincipal() ?
Attachment #8458903 -
Flags: review?(bugs) → review-
Flags: needinfo?(bobbyholley)
|
||
Comment 8•10 years ago
|
||
(In reply to Olli Pettay [:smaug] from comment #7) > Comment on attachment 8458903 [details] [diff] [review] > [PATCH 1/4] mixed content websockets should be based on scheme > > This doesn't look right either. > Per the current spec "If secure is false but the origin specified by the > entry settings object has a scheme component that is itself a secure > protocol, e.g. HTTPS, then throw a SecurityError exception and abort these > steps." > > The API to get entry settings object is in flux atm, so better to ask > bholley how to get the right object. The best we have right now is BrokenGetEntryGlobal. GetEntryGlobal will be implemented once we finish bug 951991. > Perhaps GetWebIDLCallerPrincipal() ? No, this is something pretty specific and different.
Flags: needinfo?(bobbyholley)
Attachment #8458902 -
Flags: review?(hurley) → review+
Attachment #8458901 -
Flags: review?(hurley) → review+
Attachment #8458899 -
Flags: review?(hurley) → review+
|
|
Assignee | |
Comment 9•10 years ago
|
||
try for brokengetentryglobal() version https://tbpl.mozilla.org/?tree=Try&rev=8637b70cb6e9
|
|
Assignee | |
Comment 10•10 years ago
|
||
a version that uses BrokenGetEntryGlobal() - that's new to me. Is this where we should be going?
Attachment #8460710 -
Flags: review?(bugs)
|
|
||
Comment 11•10 years ago
|
||
BrokenGetEntryGlobal() does indeed sound silly, but I believe bholley has plans to make it less Broken and drop then Broken prefix.
|
|
||
Comment 12•10 years ago
|
||
Comment on attachment 8460710 [details] [diff] [review] part 1/4 mixed content websockets should be based on scheme I would nest the 'if's. Use 2 space for indentation consistently.
Attachment #8460710 -
Flags: review?(bugs) → review+
|
|
Assignee | |
Comment 13•10 years ago
|
||
|
|
Assignee | |
Updated•10 years ago
|
Attachment #8460710 -
Attachment is obsolete: true
|
|
Assignee | |
Updated•10 years ago
|
Attachment #8458903 -
Attachment is obsolete: true
|
|
Assignee | |
Updated•10 years ago
|
Attachment #8461041 -
Flags: review+
|
|
Assignee | |
Comment 14•10 years ago
|
||
remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/6983eedbe0be remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/62f039a68b94 remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/1cbf6b2482d8 remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/bb1af5ba3a3f
https://hg.mozilla.org/mozilla-central/rev/6983eedbe0be https://hg.mozilla.org/mozilla-central/rev/62f039a68b94 https://hg.mozilla.org/mozilla-central/rev/1cbf6b2482d8 https://hg.mozilla.org/mozilla-central/rev/bb1af5ba3a3f
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla34
|
|
Assignee | |
Comment 16•10 years ago
|
||
Comment on attachment 8461041 [details] [diff] [review] part 1/4 mixed content websockets should be based on scheme Approval Request Comment [Feature/regressing bug #]:378637 [User impact if declined]: inability to use websockets if using https based proxy [Describe test coverage new/current, TBPL]: all proxy code is hand tested - this has been verified on aurora [Risks and why]: changes made are 95% scoped to new 378637, so regression risk is small and the patch is straight forward [String/UUID change made/needed]: none I'm requesting approval for all 4 parts of this patch with this one request. They were just broken out for the convenience of the reviewer.
Attachment #8461041 -
Flags: approval-mozilla-aurora?
|
||
Updated•10 years ago
|
status-firefox33:
--- → affected
status-firefox34:
--- → fixed
|
|
||
Updated•10 years ago
|
Attachment #8461041 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
||
Updated•10 years ago
|
Attachment #8458902 -
Flags: approval-mozilla-aurora+
|
|
||
Updated•10 years ago
|
Attachment #8458901 -
Flags: approval-mozilla-aurora+
|
|
||
Updated•10 years ago
|
Attachment #8458899 -
Flags: approval-mozilla-aurora+
|
|
Assignee | |
Comment 17•10 years ago
|
||
gecko 33 remote: https://hg.mozilla.org/releases/mozilla-aurora/rev/a0d165f5d2cf remote: https://hg.mozilla.org/releases/mozilla-aurora/rev/c0b72625a706 remote: https://hg.mozilla.org/releases/mozilla-aurora/rev/94d1bc81af82 remote: https://hg.mozilla.org/releases/mozilla-aurora/rev/117437846f56
|
|
Assignee | |
Updated•10 years ago
|
status-firefox32:
--- → disabled
You need to log in
before you can comment on or make changes to this bug.
Description
•