HTML and CSS Reference
In-Depth Information
Listing 7-1.
Client Initiating a WebSocket Handshake
Request
GET /echo HTTP/1.1
Host: echo.websocket.org
Origin:
http://www.websocket.org
Sec-WebSocket-Key: 7+C600xYybOv2zmJ69RQsw==
Sec-WebSocket-Version: 13
Upgrade: websocket
The server sends back a response, as shown in Listing 7-2.
Listing 7-2.
Server Responding to and Completing a WebSocket Handshake
Response
101 Switching Protocols
Connection: Upgrade
Date: Wed, 20 Jun 2012 03:39:49 GMT
Sec-WebSocket-Accept: fYoqiH14DgI+5ylEMwM2sOLzOi0=
Server: Kaazing Gateway
Upgrade: WebSocket
Two significant areas in the handshake to note are the
Origin
header and the
Sec-
headers, which we'll examine in the next sections.
Origin Header
The WebSocket Protocol (RFC 6455) was published at the same time as another
document that defines a key idea necessary for WebSockets to be safely deployed across
the Web: origin. The origin concept appears in earlier specifications such as Cross-
Document Messaging and Cross-Domain Resource Sharing, and is widely used today.
However, in order for the WebSocket standard to be usefully and safely rolled out to
the Web, the origin concept needed to be more precisely defined. RFC 6454 achieves
this by defining and describing the principles behind the same origin policy and, more
importantly, the origin header.
Not
■
For the complete RFC 6454 specification, see
Origins consist of a scheme, host, and port. In serialized form, an origin looks like a
URL: the scheme and host are separated by
://
and a colon precedes the port. For origins
where the port matches the default port for the scheme, the port is omitted.
