让 chrome 使用 CONNECT 进行 websockets
make chromium use CONNECT for websockets
IT在工作中引入了一种新的基于squid的代理解决方案。 It should support websockets if the client uses connect:
Squid does not support WebSockets natively. However if the client
software is correctly using CONNECT it should be possible with
Squid-3.4.5.
使用 chomiums DevTools(在 SO 上),我可以看到从 HTTPS 连接升级到 wss 连接的握手。这不起作用(见下图)。问题似乎是铬使用 GET 而不是 CONNECT.
我还看到服务器响应 Connection: keep-alive 而不是我所期望的 Upgrade。因此页面底部出现错误。
问题: 我如何配置 chromium 以使用 CONNECT 而不是 GET?
旁注:这与 this post on meta.se 有关。 FF 弹出一大堆代理身份验证请求,但仍然失败。
如您在 RFC6455 文档中所见,请求应该是 GET 请求:
The opening handshake is intended to be compatible with HTTP-based server-side software and intermediaries, so that a single port can be used by both HTTP clients talking to that server and WebSocket clients talking to that server. To this end, the WebSocket client's handshake is an HTTP Upgrade request:
GET /chat HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Origin: http://example.com
Sec-WebSocket-Protocol: chat, superchat
Sec-WebSocket-Version: 13
...
The "Request-URI" of the GET method [RFC2616] is used to identify the endpoint of the WebSocket connection, both to allow multiple domains to be served from one IP address and to allow multiple WebSocket endpoints to be served by a single server.
在 different section 中指出:
The client's opening handshake consists of the following parts. If the server, while reading the handshake, finds that the client did not send a handshake that matches the description below (note that as per [RFC2616], the order of the header fields is not important), including but not limited to any violations of the ABNF grammar specified for the components of the handshake, the server MUST stop processing the client's handshake and return an HTTP response with an appropriate error code (such as 400 Bad Request).
- An HTTP/1.1 or higher GET request, including a "Request-URI"
[RFC2616] that should be interpreted as a /resource name/
defined in Section 3 (or an absolute HTTP/HTTPS URI containing
the /resource name/).
所以...嗯...实际上是使用 CONNECT 请求,而不是解决方案...
我会致力于推动 squid 正确评估 Websocket 请求或猴子修补 squid 的解决方法,而不是尝试强制 chomiums 使用可能被其他 Websocket 服务器拒绝的非标准请求。
正如 Myst 所述,WebSockets 使用 GET。
尝试使用 WSS://,您可能会成功,因为代理无法干扰安全连接。
IT在工作中引入了一种新的基于squid的代理解决方案。 It should support websockets if the client uses connect:
Squid does not support WebSockets natively. However if the client software is correctly using CONNECT it should be possible with Squid-3.4.5.
使用 chomiums DevTools(在 SO 上),我可以看到从 HTTPS 连接升级到 wss 连接的握手。这不起作用(见下图)。问题似乎是铬使用 GET 而不是 CONNECT.
我还看到服务器响应 Connection: keep-alive 而不是我所期望的 Upgrade。因此页面底部出现错误。
问题: 我如何配置 chromium 以使用 CONNECT 而不是 GET?
旁注:这与 this post on meta.se 有关。 FF 弹出一大堆代理身份验证请求,但仍然失败。
如您在 RFC6455 文档中所见,请求应该是 GET 请求:
The opening handshake is intended to be compatible with HTTP-based server-side software and intermediaries, so that a single port can be used by both HTTP clients talking to that server and WebSocket clients talking to that server. To this end, the WebSocket client's handshake is an HTTP Upgrade request:
GET /chat HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Origin: http://example.com
Sec-WebSocket-Protocol: chat, superchat
Sec-WebSocket-Version: 13
... The "Request-URI" of the GET method [RFC2616] is used to identify the endpoint of the WebSocket connection, both to allow multiple domains to be served from one IP address and to allow multiple WebSocket endpoints to be served by a single server.
在 different section 中指出:
The client's opening handshake consists of the following parts. If the server, while reading the handshake, finds that the client did not send a handshake that matches the description below (note that as per [RFC2616], the order of the header fields is not important), including but not limited to any violations of the ABNF grammar specified for the components of the handshake, the server MUST stop processing the client's handshake and return an HTTP response with an appropriate error code (such as 400 Bad Request).
- An HTTP/1.1 or higher GET request, including a "Request-URI" [RFC2616] that should be interpreted as a /resource name/ defined in Section 3 (or an absolute HTTP/HTTPS URI containing the /resource name/).
所以...嗯...实际上是使用 CONNECT 请求,而不是解决方案...
我会致力于推动 squid 正确评估 Websocket 请求或猴子修补 squid 的解决方法,而不是尝试强制 chomiums 使用可能被其他 Websocket 服务器拒绝的非标准请求。
正如 Myst 所述,WebSockets 使用 GET。
尝试使用 WSS://,您可能会成功,因为代理无法干扰安全连接。