Hacker News new | ask | show | jobs
by marcopolo 596 days ago
Masking in the WebSocket protocol is kind of a funny and sad fix to the problem of intermediaries trying to be smart and helpful, but failing miserably.

The linked section of the RFC is worth the read: https://www.rfc-editor.org/rfc/rfc6455#section-10.3
1 comments
moron4hire 595 days ago
How is this a problem of WebSockets and not HTTP in general?

The RFC has a link to a document describing the attack, but the link is broken.

link