### summary
😅 Every time I use `gorilla/websocket`, I need to look at the source
code and find the default size for readBufferSize and writeBufferSize.
I think the default value should be written in the comment.
Signed-off-by: rfyiamcool <rfyiamcool@163.com>
Co-authored-by: Alex Vulaj <ajvulaj@gmail.com>
Fixes#822
**Summary of Changes**
1. Changed the order of subprotocol selection to prefer client one
---------
Co-authored-by: Corey Daley <cdaley@redhat.com>
- Add Go 1.11 to Travis config
- Use short variable declarations where possible.
- Remove unnecessary build tags after move to Go 1.7 min version.
- Simplify composite literals.
- Remove unused fields (err in PerparedMessage)
- Fix errors reported by golint and goword.
Add WriteBufferPool to Dialer and Upgrader. This field specifies a pool
to use for write operations on a connection. Use of the pool can reduce
memory use when there is a modest write volume over a large number of
connections.
Use larger of hijacked buffer and buffer allocated for connection (if
any) as buffer for building handshake response. This decreases possible
allocations when building the handshake response.
Modify bufio reuse test to call Upgrade instead of the internal
newConnBRW. Move the test from conn_test.go to server_test.go because
it's a serer test.
Update newConn and newConnBRW:
- Move the bufio "hacks" from newConnBRW to separate functions and call
these functions directly from Upgrade.
- Rename newConn to newTestConn and move to conn_test.go. Shorten
argument list to common use case.
- Rename newConnBRW to newConn.
- Add pool code to newConn.
Change the subprotocol and extension header names to match the case used
in RFC examples. Other headers names already match the case used in the
examples.
Although the headers names in the handshake are case insensitive, some
libraries expect the exact case used in the RFC examples. This change
allows the package to interoperate with those broken libraries.
Remove the example code to disable origin checks from the documentation.
I am concerned that developers are copying the code without
understanding the security implications of the code. Most applications
should not use this code.
Change the bad origin error message to mention Upgrader.CheckOrigin
Mention cross-site request forgery in the Upgrader.CheckOrigin doc.
Change the error text for bad handshake errors from
websocket: not a websocket handshake:
to:
websocket: the client is not using the websocket protocol:
The new text should be more helpful to developers who do not know or
understand the details of the protocol.
Test for bad handshake before other request errors.
Reuse the buffer backing the bufio.Writer returned from hijack if that
buffer is large enough to be generally useful and
Upgrader.WriteBufferSize == 0.
Update the logic for reusing bufio.Reader returned from hijack to match
the logic for bufio.Reader: The buffer backing the reader must be
sufficiently large to be generally useful and Upgrader.ReadBufferSize ==
0.
Improve the documentation for ReadBufferSize and WriterBufferSize in
Dialer and Upgrader.
Upgrade typically fails because the request is not a handshake, not
because the handshake is malformed. To help developers diagnose the
common case, state explicitly that the request is not a handshake in
error messages.
To help diagnose malformed requests, capitalize and 'quote' header names
in error messages.
Update the error messages for missing 'Connection: upgrade' and
'Upgrade: websocket' tokens to indicate that the header might not be
present. The previous error message implied that the header is present,
but has the wrong value. This leads to some confusion for those
debugging connection problems.
Update the default origin test to treat no origin specified as OK. If
the client can create a request without the origin set, then the client
can also create a request with an arbitrary origin.
- Revert back to using Subprotocols []string. The protocol negotiation
using Subprotocols should meet the needs of most applications.
Applications are not locked into using this negotiation. An
application can pick a protocol some other way and specify the
protocol using the Sec-Websocket-Protocol response header.
- Parse the origin using url.Parse. This is the correct function to use
when parsing a full URL.
- Improve comments.
Konstantin Burkalev