Sometimes I want to refuse a http client’s request to upgrade connection to websocket.
Code
(using go
‘s Gin
and gorilla/websocket
framework:)
To allow upgrade:
c, err := ctl.upgrader.Upgrade(ctx.Writer, ctx.Request, nil) err = c.WriteJSON(resp)
To refuse upgrade (due to invalid request params):
if contentId == "" || !exists { // FIXME: provide response in a way that ws client can recognize & show tip? ctx.String(http.StatusBadRequest, "invalid or non-existing contentId") return }
Explaination: Here to refuse the upgrade I just return a http 400
code, then terminate the connection, and didn’t do the upgrade at all.
The issue
The problem to refuse websocket upgrade request with about code is that, the websocket client (e.g js
), can’t read data (text or json) in my response.
Code – client-side (js
):
ws.onerror = function (evt) { // TOOD: handle error, (e.g print error msg?), print("ERROR"); }
It does print the "ERROR"
on refuse, but after checking chrome developer tool about the evt
object, can’t find a way to get server response data, so I can’t show tip to frontend UI with reason of refuse.
Questions
- How to refuse websocket upgrade request properly, and let client be able to receive the returned reason/data ? (e.g client is
js
, server isgo
/gin
/gorilla/websocket
). - Is there a better way to refuse websocket upgrade request, other than return http code like
400
?
Advertisement
Answer
To reject a websocket connection, do not upgrade the connection as described in the question. The browser API does not provide information about why the connection was rejected because the information can violate the same-origin policy.
Do the following to send an error reason back to the client application or user:
- Upgrade the connection.
- Send a close message with the error reason.
- Close the connection.
Here’s an example:
c, err := ctl.upgrader.Upgrade(ctx.Writer, ctx.Request, nil) if err != nil { // TODO: handle error } if contentId == "" || !exists { c.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.ClosePolicyViolation, "bad content id or not exist")) c.Close() return } // Continue with non-error case here.
Access the reason from the close handler in JS:
ws.onclose = function (evt) { if (evt.code == 1008) { // 1008 is policy violation console.log(evt.reason) } }