(www.recall.ai)

257 points tosh | 2 comments | 06 Nov 24 18:50 UTC | HN request time: 0.431s | source

1. marcopolo ◴[06 Nov 24 20:43 UTC] No.42069051[source]▶

>>42067275 (OP) #

Masking in the WebSocket protocol is kind of a funny and sad fix to the problem of intermediaries trying to be smart and helpful, but failing miserably.

The linked section of the RFC is worth the read: https://www.rfc-editor.org/rfc/rfc6455#section-10.3

replies(1): >>42071837 #

2. moron4hire ◴[07 Nov 24 00:34 UTC] No.42071837[source]▶

>>42069051 (TP) #

How is this a problem of WebSockets and not HTTP in general?

The RFC has a link to a document describing the attack, but the link is broken.

↑

WebSockets cost us $1M on our AWS bill