Listing 7-1. Client Initiating a WebSocket Handshake
GET /echo HTTP/1.1
The server sends back a response, as shown in Listing 7-2.
Listing 7-2. Server Responding to and Completing a WebSocket Handshake
101 Switching Protocols
Date: Wed, 20 Jun 2012 03:39:49 GMT
Server: Kaazing Gateway
Two significant areas in the handshake to note are the Origin header and the
Sec- headers, which we'll examine in the next sections.
The WebSocket Protocol (RFC 6455) was published at the same time as another
document that defines a key idea necessary for WebSockets to be safely deployed across
the Web: origin. The origin concept appears in earlier specifications such as
Cross-Document Messaging and Cross-Domain Resource Sharing, and is widely used today.
However, in order for the WebSocket standard to be usefully and safely rolled out to
the Web, the origin concept needed to be more precisely defined. RFC 6454 achieves
this by defining and describing the principles behind the same origin policy and, more
importantly, the Origin header.
Note ■ For the complete RFC 6454 specification, see
Origins consist of a scheme, host, and port. In serialized form, an origin looks like a
URL: the scheme and host are separated by :// and a colon precedes the port. For origins
where the port matches the default port for the scheme, the port is omitted.
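The serialization rule above, applied to checking a handshake's Origin header against an allow-list. This is an added example, not a listing from the original text; DEFAULT_PORTS, serializeOrigin, isAllowedOrigin and all sample origins are hypothetical names and constructed values, and the exact-match allow-list policy is an assumption.

```javascript
// Added example (not from the original text). All names and sample values are constructed.
// Default ports per scheme; a port equal to the default is omitted when serializing.
const DEFAULT_PORTS = { http: 80, https: 443, ws: 80, wss: 443 };

// Matches scheme://host[:port] with an optional trailing path, query or fragment.
// Userinfo ("user@host") is deliberately not accepted: a serialized origin never has it.
const ORIGIN_RE =
  /^([a-z][a-z0-9+.-]*):\/\/(\[[0-9a-f:.]+\]|[^\s\/:?#@\[\]]+)(?::(\d{1,5}))?(?:[\/?#].*)?$/i;

// Returns the serialized origin (scheme://host or scheme://host:port),
// or null when the value is not a usable origin (for example the literal "null").
function serializeOrigin(value) {
  const m = ORIGIN_RE.exec(value);
  if (!m) return null;
  const scheme = m[1].toLowerCase();
  const host = m[2].toLowerCase();
  const explicit = m[3] === undefined ? undefined : Number(m[3]);
  if (explicit !== undefined && explicit > 65535) return null;
  const port = explicit === undefined ? DEFAULT_PORTS[scheme] : explicit;
  // Omit the port when it is absent or equals the scheme's default.
  if (port === undefined || port === DEFAULT_PORTS[scheme]) {
    return `${scheme}://${host}`;
  }
  return `${scheme}://${host}:${port}`;
}

// Compares the Origin header of a handshake request with an allow-list.
// Both sides are serialized first, so "http://example.com:80" and
// "http://example.com" are treated as the same origin.
function isAllowedOrigin(originHeader, allowed) {
  if (typeof originHeader !== 'string') return false; // header missing
  const origin = serializeOrigin(originHeader.trim());
  if (origin === null) return false;
  return allowed.some((entry) => serializeOrigin(entry) === origin);
}

// Constructed allow-list and header values for a stand-alone run.
const ALLOWED = ['http://example.com:80', 'https://app.example.com'];
for (const header of ['http://EXAMPLE.com', 'https://example.com', 'null']) {
  console.log(header, '->', isAllowedOrigin(header, ALLOWED));
}
```

Scheme, host and port must all match, so the https origin in the sample loop is rejected even though its host is on the list under http.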