Hi folks,
I've been sifting through all the APIs in our project list and am
working on a draft/for discussion API. But one thing that came up a few
emails ago a couple of times is the issue of access to the header
information in the handshake request.
Which headers are needed in the process seem...clearish to me - the
websocket protocol lays out headers like Origin, or
Sec-WebSocket-Protocol for example, and how the client should use them
and the server process them.
If we assume that the web socket implementation 'will take care of the
plumbing' and the application developer will take care of 'application
specific things', its less clear to me what information in the handshake
is plumbing and what is application specific. And so, while I think
through a draft API, I'm thinking through what needs to be exposed
through the API, and what is just dealt with in the implementation.
So, please check my thinking !
Origin header - mostly 'plumbing': client implementation may or may not
provide, server implementation may or may not check. App developer might
care to know if the server's policy is to check clients declared name or
not ?
Sec-WebSocket-Protocol - 'application specific': particular client apps
will want to declare an ordered list of preferred subprotocols, a
particular server app will want to respond with a single preferred
subprotocol it will support for a given client based on its declared
subprotocol list.
Sec-WebSocket-Extensions - similar responsibilities as above, except the
server-side applications respond with a list of extensions.
(Sidebar: what extensions are people here seeing used ?)
Request-URI : I expect we will have some discussion in the near future
about mapping schemes for URIs for websocket endpoints. Until then, safe
to say the application layer will have knowledge of the address space in
some way.
Cookies: Seems like a no-brainer to expose the HttpSession to
applications that are deployed inside a web application, but that could
be done without exposing all the cookies on the handshake request to the
app developer. So, what application-specific uses of Cookies have people
made, or heard of ? It would help to have some use cases here to know
how/if to expose this to the developer.
Any other Request headers that either specific client applications or
specific server applications are making use of that you know ?
Thanks,
- Danny
--
<http://www.oracle.com> *Danny Coward *
Java EE
Oracle Corporation