This pywebsocket code is mostly unchanged from the source at svn checkout http://pywebsocket.googlecode.com/svn/trunk/ pywebsocket-read-only The current Mozilla code is based on svnversion: 860 (supports RFC 6455, permessage compression extension) -------------------------------------------------------------------------------- STEPS TO UPDATE MOZILLA TO NEWER PYWEBSOCKET VERSION -------------------------------------------------------------------------------- - Get new pywebsocket checkout from googlecode (into, for instance, 'src') svn checkout http://pywebsocket.googlecode.com/svn/trunk/ pywebsocket-read-only - Export a version w/o SVN files: svn export src dist - rsync new version into our tree, deleting files that aren't needed any more (NOTE: this will blow away this file! hg revert it or keep a copy.) rsync -rv --delete dist/ $MOZ_SRC/testing/mochitest/pywebsocket - Get rid of examples/test directory and some cruft: rm -rf example test setup.py MANIFEST.in - Manually move the 'standalone.py' file from the mmod_pywebsocket/ directory to the parent directory (not sure why we moved it: probably no reason) - hg add/rm appropriate files, and add/remove them from testing/mochitest/moz.build - We need to apply the patch to hybi.py that makes HSTS work: (attached at end of this README) - Test and make sure the code works: make mochitest-plain TEST_PATH=dom/base/test/test_websocket.html - If this doesn't take a look at the pywebsocket server log, $OBJDIR/_tests/testing/mochitest/websock.log - Upgrade the svnversion number at top of this file to whatever version we're now based off of. -------------------------------------------------------------------------------- PATCH TO hybi.py for HSTS support: diff --git a/testing/mochitest/pywebsocket/mod_pywebsocket/handshake/hybi.py b/testing/mochitest/pywebsocket/mod_pywebsocket/handshake/hybi.py --- a/testing/mochitest/pywebsocket/mod_pywebsocket/handshake/hybi.py +++ b/testing/mochitest/pywebsocket/mod_pywebsocket/handshake/hybi.py @@ -299,16 +299,19 @@ class Handshaker(object): status=common.HTTP_STATUS_BAD_REQUEST) raise VersionException( 'Unsupported version %r for header %s' % (version, common.SEC_WEBSOCKET_VERSION_HEADER), supported_versions=', '.join(map(str, _SUPPORTED_VERSIONS))) def _set_protocol(self): self._request.ws_protocol = None + # MOZILLA + self._request.sts = None + # /MOZILLA protocol_header = self._request.headers_in.get( common.SEC_WEBSOCKET_PROTOCOL_HEADER) if protocol_header is None: self._request.ws_requested_protocols = None return @@ -396,16 +399,21 @@ class Handshaker(object): response.append(format_header( common.SEC_WEBSOCKET_PROTOCOL_HEADER, self._request.ws_protocol)) if (self._request.ws_extensions is not None and len(self._request.ws_extensions) != 0): response.append(format_header( common.SEC_WEBSOCKET_EXTENSIONS_HEADER, common.format_extensions(self._request.ws_extensions))) + # MOZILLA: Add HSTS header if requested to + if self._request.sts is not None: + response.append(format_header("Strict-Transport-Security", + self._request.sts)) + # /MOZILLA # Headers not specific for WebSocket for name, value in self._request.extra_headers: response.append(format_header(name, value)) response.append('\r\n') return ''.join(response)