I am running Tomcat 8.0.33. In my webapp I need to make outbound websocket connections (i.e. be a client endpoint) through a HTTP proxy.
Outbound encrypted websockets (wss://foo.bar) work fine, but unencrypted ones (ws://foo.bar) fail. What I am seeing (in WsWebSocketContainer.createProxyRequest()) is that when there is no explicit port in the websocket URL, the container does not put in an explicit port when building the CONNECT string. So both ws://foo.bar and wss://foo.bar turn into CONNECT foo.bar HTTP/1.1 [etc] The proxy (reasonably, IMHO) assumes that a connect request with no explicit port is going to port 443 on the destination host, and thus the failure. (And of course, if the proxy assumed no explicit port meant port 80, then the problem would simply be happening in the opposite way where ws:// would work but wss:// would not). If I add an explicit port to the ws:// URL (so ws://foo.bar:80) then the websocket works fine through the proxy. By contrast, Tyrus always puts an explicit port number in the CONNECT request even when the ws:// and wss:// URLs do not have explicit port numbers. I've been looking at RFC 6455 and to my reading it says that a websocket client should include the port when asking the proxy to make a connection to the ultimate destination host. Is this a known bug? An acceptable difference in interpretation of the RFC? -- Rich Carreiro rlc...@gmail.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org