[Twisted-Python] ws(s):// urls and host/port duplication in twisted/autobahn code

Tobias Oberstein tobias.oberstein at gmail.com
Thu Apr 11 02:35:12 MDT 2019


On 10.04.19 at 19:46, meejah wrote:
> Chris Withers <chris at withers.org> writes:
> 
>> Not sure I follow, I specify ws:// and things work. What am I missing?
>> (I know the initial protocol is http and that's "upgraded" into
>> websocket, but the url is still ws:// or wss://, right?)
> 
> What Tobias is getting at, I think, is that your URL could be
> wss://example.com/ws but the endpoint could be a unix-socket at
> /var/run/foo

yeah, exactly. thanks for helping out ;)

>>> fwiw, WAMP is a protocol with a clear-cut, rigorous and decoupled
>>> layering:
> 
>> Do browsers speak WAMP?
> 
> Yes. See Autobahn-JS
> 
>> Do firewalls get upset with it?
> 
> No.
> 
> WAMP connections are usually "outbound" style connections to the router,
> so most firewall configurations will be fine with this.

yes!

let me add some more details (which are irrelevant in most common cases)

- "usually": WAMP _can_ run _also_ over connections where the WAMP-level 
peer role assignment (client vs router) is fully independent of the 
transport-level role (client vs server) assignment as dictated by the 
direction of connection establishment, e.g. when running WAMP over pipes on 
Twisted, the connection establishment / transport roles are reversed

- firewalls: no problem as long as _outbound_ TLS on 443 is allowed (HTTPS). no 
open ports whatsoever are required, and WAMP still allows you to do RPCs 
_from_ the cloud _to_ the thing sitting inside / behind the firewall. 
you can even do RPCs between 2 browser tabs 
(https://crossbario.com/blog/Free-Your-Code-Backends-in-the-Browser/)

- MITM https proxies: those TLS-unwrapping intermediaries might break 
websocket - if they are not websocket-aware or sidestepped via admin 
config of the MITM box. anything over websocket is affected then (not 
only WAMP). TLS v1.3 will make those privacy-breaking intermediaries sad 
anyway - which is a GOOD THING!! luckily, the IETF dismissed the 
last-minute push from the banking corps in particular to compromise TLS v1.3. 
there are a couple of threads on the IETF WG which really are fun to read ;)

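The point meejah and Tobias are making above (the wss://example.com/ws URL fixes the HTTP-level identity of the connection, while the endpoint the bytes travel over can be something else entirely, such as a unix socket at /var/run/foo) as an added, standard-library-only example. This is editor-written illustration code, not code from the thread, from Twisted or from Autobahn: the `TcpEndpoint` / `UnixEndpoint` classes are stand-ins for Twisted's client endpoints, the sample URLs and the Sec-WebSocket-Key value are constructed, and the handshake builder only shows the request line and the headers the URL determines. In Twisted/Autobahn terms the same split is what you get when the client factory is built from the URL and then handed to whichever IStreamClientEndpoint you choose.

```python
# Added example (not from the Twisted/Autobahn thread or either project): the
# split between a ws(s):// URL, which fixes the HTTP-level identity of a
# WebSocket connection, and the transport endpoint the bytes actually travel
# over. Standard library only; the endpoint classes are stand-ins for Twisted's
# TCP4ClientEndpoint / UNIXClientEndpoint and belong to this example.
import base64
import hashlib
from dataclasses import dataclass
from typing import Optional, Union
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ws": 80, "wss": 443}
# Fixed GUID from RFC 6455 section 1.3, used to derive Sec-WebSocket-Accept.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


@dataclass(frozen=True)
class WsUrl:
    secure: bool
    host: str
    port: int
    resource: str      # path plus query, as it appears in the GET request line


def parse_ws_url(url: str) -> WsUrl:
    """Parse a ws:// or wss:// URL into the pieces the HTTP upgrade needs."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"expected ws:// or wss://, got {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("WebSocket URL needs a host")
    if parts.fragment:
        # RFC 6455 section 3: fragment identifiers are not allowed in ws URIs.
        raise ValueError("WebSocket URL must not contain a fragment")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    resource = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
    return WsUrl(scheme == "wss", parts.hostname, port, resource)


def host_header(u: WsUrl) -> str:
    """Host header value (RFC 6455 section 4.1): port only when non-default."""
    default = DEFAULT_PORTS["wss" if u.secure else "ws"]
    return u.host if u.port == default else f"{u.host}:{u.port}"


@dataclass(frozen=True)
class TcpEndpoint:          # stand-in for a TCP client endpoint
    host: str
    port: int


@dataclass(frozen=True)
class UnixEndpoint:         # stand-in for a unix-socket client endpoint
    path: str


Endpoint = Union[TcpEndpoint, UnixEndpoint]


def transport_endpoint(u: WsUrl, override: Optional[Endpoint] = None) -> Endpoint:
    """Where the connection is actually established.

    Without an override the transport address is copied from the URL, which is
    the common case and the reason host/port show up twice in many factories.
    With an override the URL only feeds the HTTP layer (Host header, TLS SNI,
    resource path) and the bytes go wherever the endpoint says, e.g. a unix
    socket that a local router listens on.
    """
    return override if override is not None else TcpEndpoint(u.host, u.port)


def opening_handshake(u: WsUrl, key_b64: str) -> str:
    """The HTTP/1.1 request that is later 'upgraded' to WebSocket."""
    return (
        f"GET {u.resource} HTTP/1.1\r\n"
        f"Host: {host_header(u)}\r\n"
        "Upgrade: websocket\r\n"
        "Connection: Upgrade\r\n"
        f"Sec-WebSocket-Key: {key_b64}\r\n"
        "Sec-WebSocket-Version: 13\r\n\r\n"
    )


def accept_for(key_b64: str) -> str:
    """Sec-WebSocket-Accept the server must answer with (RFC 6455 section 4.2.2)."""
    digest = hashlib.sha1((key_b64 + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


if __name__ == "__main__":
    u = parse_ws_url("wss://example.com/ws")             # constructed sample URL
    # Same URL, two different transports; the handshake does not change.
    print(transport_endpoint(u))
    print(transport_endpoint(u, UnixEndpoint("/var/run/foo")))
    print(opening_handshake(u, "dGhlIHNhbXBsZSBub25jZQ=="))
    print(accept_for("dGhlIHNhbXBsZSBub25jZQ=="))
```

The `Sec-WebSocket-Key` used in the `__main__` block is the sample nonce from RFC 6455 section 1.3, so the printed accept value can be checked against the RFC. Note what does and does not move with the endpoint: the Host header (and, for wss, the SNI name and certificate check) always come from the URL, so a unix-socket or proxied connection still presents itself to the HTTP layer as `example.com`.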