Trying to connect to a forbidden port with websocket no longer returns SECURITY_ERR
Categories
(Core :: Networking: WebSockets, defect)
Tracking
()
People
(Reporter: najamelan, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Steps to reproduce:
new WebSocket( "wss://najamelan.github.io:6000" );
I am author of a Rust library that exposes a Rust API to use websockets on wasm.
Recently a test started failing because a forbidden port is no longer distinguishable from a server that doesn't listen on a certain port.
This seems like it doesn't respect the standard anymore as well as creates an inconsistency with how chrome reports the error.
I wonder if this change was intended and if so what the motivation was.
I first noticed the issue on Firefox 84 on Linux but other versions may be affected.
Actual results:
WebSocket { url: "wss://najamelan.github.io:6000/", readyState: 0, bufferedAmount: 0, onopen: null, onerror: null, onclose: null, extensions: "", protocol: "", onmessage: null, binaryType: "blob" }
Firefox can’t establish a connection to the server at wss://najamelan.github.io:6000/.
Firefox can’t establish a connection to the server at wss://najamelan.github.io:6000/.
Expected results:
Websocket standard (https://www.w3.org/TR/websockets/)
point 4.3: If port is a port to which the user agent is configured to block access, then throw a SecurityError exception. (User agents typically block access to well-known ports like SMTP.)
On chrome for example the console will say:
Uncaught DOMException: Failed to construct 'WebSocket': The port 6000 is not allowed.
at <anonymous>:1:1
|
||
Comment 1•4 years ago
|
||
Bugbug thinks this bug should belong to this component, but please revert this change in case of error.
This was intentional change that all browsers will implement. See bug 1349969 and https://github.com/web-platform-tests/wpt/pull/26392.
Description
•