]> The University of Tokyo/WIDE Project

Japan momoka.my6@gmail.com

Applications and Real-Time HTTP WebSockets This document proposes a new HTTP settings parameter, SETTINGS_ENABLE_WEBSOCKETS. This parameter indicates whether the server supports bootstrapping WebSockets over the established connection. Discussion Venues Discussion of this document takes place on the HTTP Working Group mailing list (ietf-http-wg@w3.org), which is archived at . Source for this draft and an issue tracker can be found at .

Introduction The mechanisms for running the WebSocket protocol over a single stream of an HTTP/2 and HTTP/3 connection is defined in and . The extended CONNECT mechanism is used for bootstrapping WebSockets from HTTP/2 and HTTP/3. Support for the extended CONNECT mechanism is advertised using HTTP/2 and HTTP/3 settings parameter SETTINGS_ENABLE_CONNECT_PROTOCOL. However, the support of extended CONNECT does not necessarily indicate support for WebSockets over that HTTP connection. Other protocols such as also use extended CONNECT and send SETTINGS_ENABLE_CONNECT_PROTOCOL settings parameters as well. Suppose the server supports Extended CONNECT and has a wss::// URL, but does not support bootstrapping WebSockets over this HTTP connection. In this case, a client attempting to initiate a WebSocket handshake using Extended CONNECT will fail, and the client would need to create a WebSocket connection using the HTTP/1.1 Upgrade mechanism. This is why a SETTINGS_ENABLE_WEBSOCKETS settings parameter is needed.

SETTINGS_ENABLE_WEBSOCKETS Parameter This document defines the SETTINGS_ENABLE_WEBSOCKETS parameter for HTTP/2 and HTTP/3. A server can send this setting to inform a client that it supports bootstrapping WebSockets over the HTTP connection. The value of the parameter MUST be 0 or 1. This parameter has no default value, as its absence indicates a lack of information from the server. If the server supports bootstrapping WebSockets over the HTTP connection, it SHOULD include the SETTINGS_ENABLE_WEBSOCKETS parameter in the SETTINGS frame with a value of 1. If the server does not support bootstrapping WebSockets over the HTTP connection it SHOULD send the parameter with a value of 0. A server MUST NOT send a SETTINGS_ENABLE_WEBSOCKETS parameter with the value of 0 after previously sending a value of 1. A client MUST NOT send this setting parameter. Receipt of this parameter by a server does not have any impact. The SETTINGS_ENABLE_WEBSOCKETS parameter is an explicit signal about the server support for bootstrapping WebSockets on the connection. Where a server declares it does not support WebSockets, clients can avoid sending WebSocket handshake requests that would fail. This saves unnecessary work for both client and server, and potentially reduces delays. For instance, a client that learns an HTTP/2 or HTTP/3 connection does not support WebSockets via the setting, could instead attempt to create a WebSocket using the HTTP/1.1 Upgrade mechanism at the immediate moment it is required. Other protocols also rely on the extended CONNECT extension for bootstrapping. This mechanism provides clients with a stronger signal about whether the WebSocket protocol is supported on a connection. This can help improve compatibility with other extended CONNECT-based protocols by avoiding the client making assumption about the supported protocols. Clients that do not implement this extension will not be able to use its signal. In order to support legacy deployments, clients MAY initiate a WebSocket request when they receive SETTINGS_ENABLE_WEBSOCKETS with a value of 0, or if the parameter is omitted from received settings. Such requests could fail, introducing additional latency, which this extension is intended to help avoid. A server that sends SETTINGS_ENABLE_WEBSOCKETS with a value of 0 or omits the parameter MUST NOT treat reception of the a WebSocket request as a stream or connection error. Instead, the server can reject the request with a suitable status code.

SETTINGS_ENABLE_CONNECT_PROTOCOL Parameter A server which sends SETTINGS_ENABLE_WEBSOCKETS parameter MUST also send the SETTINGS_ENABLE_CONNECT_PROTOCOL = 1.

Security Considerations This document introduces no new security considerations beyond those discussed in .

IANA Considerations

HTTP/2 Setting IANA is requested to register the following entry in the "HTTP/2 Settings" registry maintained at <>: Code: TBD Name: SETTINGS_ENABLE_WEBSOCKETS Initial Value: None Specification: This document

HTTP/3 Setting IANA is requested to register the following entry in the "HTTP/3 Settings" registry maintained at <>: Value: TBD Setting Name: SETTINGS_ENABLE_WEBSOCKETS Default: None Status: provisional Reference: This document Change Controller: Momoka Yamamoto (IETF if this document is approved) Contact: Momoka Yamamoto (HTTP_WG; HTTP working group; ietf-http-wg@w3.org if this document is approved)

References Normative References Adobe Fastly greenbytes Mozilla Apple Inc. Akamai The WebSocket Protocol enables two-way communication between a client running untrusted code in a controlled environment to a remote host that has opted-in to communications from that code. The security model used for this is the origin-based security model commonly used by web browsers. The protocol consists of an opening handshake followed by basic message framing, layered over TCP. The goal of this technology is to provide a mechanism for browser-based applications that need two-way communication with servers that does not rely on opening multiple HTTP connections (e.g., using XMLHttpRequest or <iframe>s and long polling). [STANDARDS-TRACK] This document defines a mechanism for running the WebSocket Protocol (RFC 6455) over a single stream of an HTTP/2 connection. The mechanism for running the WebSocket Protocol over a single stream of an HTTP/2 connection is equally applicable to HTTP/3, but the HTTP-version-specific details need to be specified. This document describes how the mechanism is adapted for HTTP/3. Informative References Google The WebTransport Protocol Framework enables clients constrained by the Web security model to communicate with a remote server using a secure multiplexed transport. It consists of a set of individual protocols that are safe to expose to untrusted applications, combined with a model that allows them to be used interchangeably. This document defines the overall requirements on the protocols used in WebTransport, as well as the common features of the protocols, support for some of which may be optional.

Acknowledgments TODO acknowledge people. Thank you for reading this draft. :)