On 12/08/2015 02:07 AM, Stefan Eissing wrote:
C. if a protocol supports upgrade on request bodies is up to the protocol implementation
and needs to be checked in the "propose" phase
Only if the module's intent is to simply ignore upgrade requests if they
have bodies. Other modules might choose to propose the protocol anyway,
and explicitly fail the request with a 4xx if the upgrade comes to them.
1. Protocols like Websocket need to take over the 101 sending themselves in the
"switch protocol" phase. (correct, Jacob?). Should we delegate the sending of
the 101 to the protocol switch handler?
It's more that I need to be able to interrupt the upgrade if necessary
-- whether that's handled by a separate hook, or by delegating the
upgrade entirely to me, is up for debate. I worry about the duplication
of the Upgrade code if you delegate that to the modules though... seems
like core should understand how to upgrade, and handle it for the modules.
In my head the ideal handshake API goes like this:
- Request comes in with a proposed set of protocols to Upgrade to.
- Core uses the propose hook to get a list of protocols that are valid
upgrades for the current request target. A protocol is chosen.
- The module that won the proposal is given one last chance to check the
incoming request and fail the upgrade with an immediate HTTP response.
- Otherwise, core sends the 101.
- The switch handler takes over the connection.
- The connection is closed after the switch handler returns.
I am still not sure where the authnz calls fit in, though. h2c and
tls+http/1.1 can send a 401 after the protocol switch if they want
(right?), but WebSocket needs to send it before the protocol switch, and
having to replicate the authnz checks in my switch handler would be a
pain...
4. status code of protocol switch handler: if we move the task of 101 sending, the switch
handler might not do it and keep the connection on the "old" protocol. Then a
connection close is not necessary. So, we would do the close only when the switch handler
returns APR_EOF.
That's an interesting idea. Seems like it would work.
--Jacob
