Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[feature] Allow user to pass "Sec-Websocket-Key" header on Dial #685

Closed
nmvalera opened this issue Apr 30, 2021 · 2 comments
Closed

[feature] Allow user to pass "Sec-Websocket-Key" header on Dial #685

nmvalera opened this issue Apr 30, 2021 · 2 comments
Labels
enhancement

Comments

@nmvalera
Copy link

nmvalera commented Apr 30, 2021
edited
Loading

Is your feature request related to a problem? Please describe.

A clear and concise description of what the problem is - e.g. "I'm always frustrated when [...]"

I am building a WebSocket proxy able to intercept all messages flowing from client to server.

When Client->Proxy request happens,

  1. then proxy dials the server to get the Proxy->Server conn using dialer.DialContext(...)
  2. then proxy upgrades the Proxy->Client request to get the Client->Proxy conn using upgrader.Upgrade(...)

When doing 1. I'd like the proxy to pass the Client->Proxy request "Sec-WebSocket-Key" header into the dial Proxy->Server request.

Problem is that dialer.DialContext allows to user to pass a custom "Sec-WebSocket-Key" request header but then it seems that when performing handshake checks it uses the automatically generated key and not the one passed through "Sec-WebSocket-Key" header (c.f. https://github.com/gorilla/websocket/blob/v1.4.2/client.go#L353)

Describe the solution you'd like

What would the feature look like? How would it work? How would it change the API?

Could dialer.DialContext allow users to possibly set standard WebSocket headers? Would basically consist in updating check here to use the value passed in reqHeader "Sec-WebSocket-Key"

Describe alternatives you've considered

Are there alternatives you've tried, and/or workarounds in-place?

I don't pass the "Sec-WebSocket-Key" header and rely on the generated key but then the key for Client->Proxy request is different from the key for Proxy->Server connection which is not ideal for a proxy
@ghost
Copy link

ghost commented Apr 30, 2021
edited by ghost
Loading

I don't pass the "Sec-WebSocket-Key" header and rely on the generated key but then the key for Client->Proxy request is different from the key for Proxy->Server connection which is not ideal for a proxy

Why isn't this ideal? What problems does it cause?

Edit: A benefit of using the key generated by Dial is that don't need to analyze the security implications of allowing a client to specify the key passed to a backend server.

@garyburd
Copy link
Contributor

I am closing this issue because OP has not given a specific reason why the feature is needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@garyburd @nmvalera