You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is - e.g. "I'm always frustrated when [...]"
I am building a WebSocket proxy able to intercept all messages flowing from client to server.
When Client->Proxy request happens,
then proxy dials the server to get the Proxy->Server conn using dialer.DialContext(...)
then proxy upgrades the Proxy->Client request to get the Client->Proxy conn using upgrader.Upgrade(...)
When doing 1. I'd like the proxy to pass the Client->Proxy request "Sec-WebSocket-Key" header into the dial Proxy->Server request.
Problem is that dialer.DialContext allows to user to pass a custom "Sec-WebSocket-Key" request header but then it seems that when performing handshake checks it uses the automatically generated key and not the one passed through "Sec-WebSocket-Key" header (c.f. https://github.com/gorilla/websocket/blob/v1.4.2/client.go#L353)
…
Describe the solution you'd like
What would the feature look like? How would it work? How would it change the API?
Could dialer.DialContext allow users to possibly set standard WebSocket headers? Would basically consist in updating check here to use the value passed in reqHeader "Sec-WebSocket-Key"
…
Describe alternatives you've considered
Are there alternatives you've tried, and/or workarounds in-place?
I don't pass the "Sec-WebSocket-Key" header and rely on the generated key but then the key for Client->Proxy request is different from the key for Proxy->Server connection which is not ideal for a proxy
…
The text was updated successfully, but these errors were encountered:
I don't pass the "Sec-WebSocket-Key" header and rely on the generated key but then the key for Client->Proxy request is different from the key for Proxy->Server connection which is not ideal for a proxy
Why isn't this ideal? What problems does it cause?
Edit: A benefit of using the key generated by Dial is that don't need to analyze the security implications of allowing a client to specify the key passed to a backend server.
Is your feature request related to a problem? Please describe.
I am building a WebSocket proxy able to intercept all messages flowing from client to server.
When Client->Proxy request happens,
dialer.DialContext(...)
upgrader.Upgrade(...)
When doing 1. I'd like the proxy to pass the Client->Proxy request "Sec-WebSocket-Key" header into the dial Proxy->Server request.
Problem is that
dialer.DialContext
allows to user to pass a custom "Sec-WebSocket-Key" request header but then it seems that when performing handshake checks it uses the automatically generated key and not the one passed through "Sec-WebSocket-Key" header (c.f. https://github.com/gorilla/websocket/blob/v1.4.2/client.go#L353)…
Describe the solution you'd like
Could
dialer.DialContext
allow users to possibly set standard WebSocket headers? Would basically consist in updating check here to use the value passed in reqHeader "Sec-WebSocket-Key"…
Describe alternatives you've considered
I don't pass the "Sec-WebSocket-Key" header and rely on the generated key but then the key for Client->Proxy request is different from the key for Proxy->Server connection which is not ideal for a proxy
…
The text was updated successfully, but these errors were encountered: