javascript nodejs + WebSockets - 通过消息拒绝连接
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10560591/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
nodejs + WebSockets - reject the connection with a message
提问by Langdon
I want to provide a meaningful error to the client when too many users are connected or when they're connecting from an unsupported domain, so...
当连接的用户过多或从不受支持的域连接时,我想向客户端提供一个有意义的错误,所以......
I wrote some WebSocket server code:
我写了一些 WebSocket 服务器代码:
var http = require('http');
var httpServer = http.createServer(function (request, response)
{
// i see this if i hit http://localhost:8001/
response.end('go away');
});
httpServer.listen(8001);
// https://github.com/Worlize/WebSocket-Node/wiki/Documentation
var webSocket = require('websocket');
var webSocketServer = new webSocket.server({ 'httpServer': httpServer });
webSocketServer.on('request', function (request)
{
var connection = request.reject(102, 'gtfo');
});
And some WebSocket client code:
以及一些 WebSocket 客户端代码:
var connection = new WebSocket('ws://127.0.0.1:8001');
connection.onopen = function (openEvent)
{
alert('onopen');
console.log(openEvent);
};
connection.onclose = function (closeEvent)
{
alert('onclose');
console.log(closeEvent);
}
connection.onerror = function (errorEvent)
{
alert('onerror');
console.log(errorEvent);
};
connection.onmessage = function (messageEvent)
{
alert('onmessage');
console.log(messageEvent);
};
All I get is alert('onclose');with a CloseEventobject logged to the console without any status code or message that I can find. When I connect via ws://localhost:8001the httpServer callback doesn't come into play, so I can't catch it there. The RFCsuggests I should be able to send any status code other than 101 when there's a problem, but Chrome throws an error in the console Unexpected response code: 102. If I call request.reject(101, 'gtfo'), implying it was successful I get a handshake error, as I'd expect.
我得到的只是alert('onclose');一个CloseEvent记录到控制台的对象,而我找不到任何状态代码或消息。当我通过ws://localhost:8001httpServer 回调连接时没有发挥作用,所以我无法在那里捕捉到它。该RFC建议我应该能够发送超过101以外的任何状态代码时,有一个问题,而Chrome在控制台中引发错误Unexpected response code: 102。如果我调用request.reject(101, 'gtfo'),暗示它成功了,我会收到一个握手错误,正如我所期望的。
Not really sure what else I can do. Is it just not possible right now to get the server response in Chrome's WebSocket implementation?
不太确定我还能做什么。现在是否无法在 Chrome 的 WebSocket 实现中获得服务器响应?
ETA:Here's a really nasty hack in the mean time, I hope that's not what I have to end up doing.
ETA:与此同时,这是一个非常讨厌的黑客,我希望这不是我最终要做的。
var connection = request.accept(null, request.origin);
connection.sendUTF('gtfo');
connection.close();
回答by Brian McKelvey
I'm the author of WebSocket-Node and I've also posted this response to the corresponding issue on GitHub: https://github.com/Worlize/WebSocket-Node/issues/46
我是 WebSocket-Node 的作者,我也在 GitHub 上发布了对相应问题的回复:https: //github.com/Worlize/WebSocket-Node/issues/46
Unfortunately, the WebSocket protocol does not provide any specific mechanism for providing a close code or reason at this stage when rejecting a client connection. The rejection is in the form of an HTTP response with an HTTP status of something like 40x or 50x. The spec allows for this but does not define a specific way that the client should attempt to divine any specific error messaging from such a response.
不幸的是,WebSocket 协议没有提供任何特定机制来在拒绝客户端连接时在此阶段提供关闭代码或原因。拒绝采用 HTTP 响应的形式,HTTP 状态类似于 40x 或 50x。规范允许这样做,但没有定义客户端应该尝试从此类响应中判断任何特定错误消息的特定方式。
In reality, connections should be rejected at this stage only when you are rejecting a user from a disallowed origin (i.e. someone from another website is trying to connect users to your websocket server without permission) or when a user otherwise does not have permission to connect (i.e. they are not logged in). The latter case should be handled by other code on your site: a user should not be able to attempt to connect the websocket connection if they are not logged in.
实际上,只有当您拒绝来自不允许来源的用户(即来自另一个网站的某人未经许可试图将用户连接到您的 websocket 服务器)或用户无权连接时,才应在此阶段拒绝连接(即他们没有登录)。后一种情况应由您站点上的其他代码处理:如果用户未登录,则他们不应尝试连接 websocket 连接。
The code and reason that WebSocket-Node allow you to specify here are an HTTP Status code (e.g. 404, 500, etc.) and a reason to include as a non-standard "X-WebSocket-Reject-Reason" HTTP header in the response. It is mostly useful when analyzing the connection with a packet sniffer, such as WireShark. No browser has any facility for providing rejection codes or reasons to the client-side JavaScript code when a connection is rejected in this way, because it's not provided for in the WebSocket specification.
WebSocket-Node 允许您在此处指定的代码和原因是 HTTP 状态代码(例如 404、500 等)以及作为非标准“X-WebSocket-Reject-Reason”HTTP 标头包含在回复。它在使用数据包嗅探器(例如 WireShark)分析连接时非常有用。当以这种方式拒绝连接时,没有任何浏览器可以向客户端 JavaScript 代码提供拒绝代码或原因,因为 WebSocket 规范中没有提供。
