Websocket header 拒绝握手
Websocket header to reject handshake
拒绝websocket握手的方法是什么。
根据接受握手的文档,来自 http 服务器的响应是这样发送的
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
但是,如果我出于各种原因想拒绝握手,那么 return HTTP 代码 403 好吗?或者还有其他方法吗?
ANY final(即非授权、非重定向)除 101 以外的 HTTP 响应代码将中止握手,因此请按照正常情况使用对您的需求有意义的任何响应代码HTTP 语义。
根据 RFC 6455:
Any status code other than 101 indicates that the WebSocket handshake has not completed and that the semantics of HTTP still apply.
...
If the |Sec-WebSocket-Accept| value does not match the expected value, if the header field is missing, or if the HTTP status code is not 101, the connection will not be established, and WebSocket frames will not be sent.
...
Once the client's opening handshake has been sent, the client MUST wait for a response from the server before sending any further data. The client MUST validate the server's response as follows:
- If the status code received from the server is not 101, the client handles the response per HTTP [RFC2616] procedures. In particular, the client might perform authentication if it receives a 401 status code; the server might redirect the client using a 3xx status code (but clients are not required to follow them), etc. Otherwise, proceed as follows.
...
If the server's response does not conform to the requirements for the server's handshake as defined in this section and in Section 4.2.2, the client MUST _Fail the WebSocket Connection_.
拒绝websocket握手的方法是什么。 根据接受握手的文档,来自 http 服务器的响应是这样发送的
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
但是,如果我出于各种原因想拒绝握手,那么 return HTTP 代码 403 好吗?或者还有其他方法吗?
ANY final(即非授权、非重定向)除 101 以外的 HTTP 响应代码将中止握手,因此请按照正常情况使用对您的需求有意义的任何响应代码HTTP 语义。
根据 RFC 6455:
Any status code other than 101 indicates that the WebSocket handshake has not completed and that the semantics of HTTP still apply.
...
If the |Sec-WebSocket-Accept| value does not match the expected value, if the header field is missing, or if the HTTP status code is not 101, the connection will not be established, and WebSocket frames will not be sent.
...
Once the client's opening handshake has been sent, the client MUST wait for a response from the server before sending any further data. The client MUST validate the server's response as follows:
- If the status code received from the server is not 101, the client handles the response per HTTP [RFC2616] procedures. In particular, the client might perform authentication if it receives a 401 status code; the server might redirect the client using a 3xx status code (but clients are not required to follow them), etc. Otherwise, proceed as follows.
...
If the server's response does not conform to the requirements for the server's handshake as defined in this section and in Section 4.2.2, the client MUST _Fail the WebSocket Connection_.