Codec's Receive method calls io.ReadAll of the whole frame payload,
which can be abused by user sending large payloads in order to exhaust
server memory.
Introduce limit on received payload size defined by
Conn.MaxPayloadBytes. If payload size of the message read with
Codec.Receive exceeds limit, ErrFrameTooLarge error is returned; the
connection can still be recovered if required: the next call to Receive
would at first discard leftovers of previous oversized message before
processing the next one.
Fixesgolang/go#5082.
Change-Id: Ib04acd7038474fee39a1719324daaec1c0c496b1
Reviewed-on: https://go-review.googlesource.com/23590
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
This change adds a Dialer field to websocket.Config struct. If this
value is set the Dialer will be used. If it's nil, DialConfig will
create an empty Dialer that will maintain the original behavior.
Because before Go 1.3 there was no crypto/tls.DialWithDialer function,
the Dialer will be ignored when opening TLS connections in these
versions.
Fixesgolang/go#9198.
Change-Id: If8b5c3c47019a3d367c436e3e60eb54bf0276184
Reviewed-on: https://go-review.googlesource.com/12191
Reviewed-by: Russ Cox <rsc@golang.org>
The contract for Read specifies that a caller should process n bytes of
data before handling an error value. The previous implementation may
have discarded the final data read from the underlying reader if err
was non nil.
Change-Id: I81547cd9ea62c4060f79523679beed6bbc6ccd95
Reviewed-on: https://go-review.googlesource.com/23534
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Specifically state that it is safe to call methods on Conn from multiple
goroutines in the docs.
Fixes#6692
Change-Id: I1b0e8812ca5b2e3ca72948c5404d569879e54f34
Reviewed-on: https://go-review.googlesource.com/20455
Reviewed-by: Andrew Gerrand <adg@golang.org>
When making a request to an IPv6 address with a zone identifier, for
exmaple [fe80::1%en0], RFC 6874 says HTTP clients must remove the zone
identifier "%en0" before writing the request for security reason.
This change removes any IPv6 zone identifer attached to URI in the Host
header field in requests.
See golang/go#9544.
Change-Id: Ie5d18a0bc5f2768a95c59ec2b159ac0abdf685e8
Reviewed-on: https://go-review.googlesource.com/13296
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Some servers return a websocket url without a port. This patch
automatically adds :80 for ws and :443 for wss.
Change-Id: Ifdcdbda8f87c994a5f351234c83bf4a07be34ea2
Reviewed-on: https://go-review.googlesource.com/2210
Reviewed-by: Mikio Hara <mikioh.mikioh@gmail.com>
If client sent no subprotocol (e.g. no Sec-WebSocket-Protocol),
websocket server responded with the following header
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: E7SRWRnZL9RuGFLuZ0j4508nqdg=
Sec-WebSocket-Protocol:
So, client may close the connection because it contains
wrong empty Sec-WebSocket-Protocol header.
If client didn't offer any subprotocol, don't set
config.Protocol, so that not emit empty Sec-WebSocket-Protocol.
Fixesgolang/go#5457.
R=golang-dev, mikioh.mikioh
CC=golang-dev
https://golang.org/cl/9379044
Add websocket.Server to configure WebSocket server handler.
- Config.Header is additional headers to send, so you can use it
to send cookies or so.
To read cookies, you can use Conn.Request().Header.
- factor out Handshake.
You can set func to check origin, subprotocol etc.
Handler checks origin by default.
Fixesgolang/go#4198.
Fixesgolang/go#5178.
R=golang-dev, mikioh.mikioh, crobin
CC=golang-dev
https://golang.org/cl/8731044
Manual edits to README.
Moved from main Go repository, deleted Makefiles, ran gofix -r go1rename.
Tested with: go test code.google.com/p/go.net/...
R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/5574065
