Open Bug 1727118 Opened 4 years ago Updated 4 years ago

WebSocket should fail when client specifies subprotocols and server replies with none

Categories

(Core :: Networking: WebSockets, defect, P3)

Product:
Core
Component:
Networking: WebSockets
Version:
Firefox 91
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: contact, Unassigned)

Details

(Whiteboard: [necko-triaged])

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0

Steps to reproduce:

Try the following with a WebSocket server which doesn't care about subprotocols:

let ws = new WebSocket("wss://example.org", ["invalid-subprotocol"]);

Actual results:

The connection succeeds.

Expected results:

The connection should fail, because the server will reply with an empty subprotocol.

https://bugzilla.mozilla.org/show_bug.cgi?id=711886 fixes a similar bug (server replies with a different subprotocol) but fails to handle the case where the returned subprotocol is empty.

The spec says:

If protocols is not the empty list and extracting header list values given Sec-WebSocket-Protocol and response’s header list results in null, failure, or the empty byte sequence, then fail the WebSocket connection.

Ref https://fetch.spec.whatwg.org/#websocket-opening-handshake

The Bugbug bot thinks this bug should belong to the 'Core::Networking: WebSockets' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Component: Untriaged → Networking: WebSockets
Product: Firefox → Core
Severity: -- → S3
Priority: -- → P3
Whiteboard: [necko-triaged]
You need to log in before you can comment on or make changes to this bug.