I'm sure I've asked this before and don't remember if I ever got an answer, but BOSH defines a version string during negotiation, but as far as I can tell there is no actual version listed anywhere. The XEP version doesn't even match the same format (and of course involves lots of changes that wouldn't change a protocol version anyways), so I have no idea what value to put there?
Sam Whited
(not the xmpp:version from XEP-0206, but the ver attribute from XEP-0124, to be clear)
Zashlooks at Prosodys mod_bosh
Zash
It has '1.6' 🤷️
Kev
Urgh. If people are going to discuss BOSH can they at least put it in NSFW tags or something? :(
Sam Whited
hah, that would be a good April 1st XEP. NSFW feature (which could be a real feature) but also we list technologies such as BOSH that must be behind it.
Zash
There is that spoiler message XEP...
Sam Whited
Zash: 1.6 appears to be used in one of the examples and is a version of the BOSH XEP itself, so maybe that was the intent? I have no idea.
Sam Whited
Especially since the XEP version might be bumped just for typos and recent ones use major.minor.patch syntax which doesn't fit the bosh version syntax
Sam Whitedlooks at who introduced the new version syntax and broke things… *blushes*
jonnjhas left
Sam Whited
*sigh* it would almost be easier to revive the websocket over HTTP/2 I-D than to continue implementing BOSH.
Kev
Swiften also sends 1.6, FWIW.
Zash
1.6 was probably the latest version when mod_bosh was written, it was committed ~2 months after 1.7 was published (according to the xep changelog)
Kev
But my view is that if you're implementing BOSH for anything less than a significant amount of money (or insert other motivator here), you're probably soft in the head.
moparisthebest
Sam Whited, revive what? doesn't https://tools.ietf.org/html/rfc8441 support it?
Kev
AFAICS, Swiften doesn't care at all about the ver, it just includes it at 1.6
Kev
I *suspect* that's true of every implementation, but have no evidence to support that.
Kev: you're not wrong… this is the second or third time I've tried to do this (only once for money, and even then only a moderate amount of money)
Sam Whited
And every single time I think "this time's the one, this time it will work correctly" and I always end up abandoning it in frustration.
Sam Whited
I'll stick with 1.6 for compatibility then (why not). Thanks
Kev
I've implemented it once and a bit. I think another implementation is in my future, but I'm trying to avoid it.
Sam Whited
moparisthebest: thanks for the link, I thought this had never gotten beyond I-D for some reason. I'll have to re-read (assuming this is the same thing) and see. Maybe websockets actually does work on HTTP/2 now and I just have old info
Sam Whited
I guess I didn't abandon the commercial one in frustration, HipChat just ended up being sold and I left the company. No idea if they ever used it or not.
goffihas left
goffihas joined
asterixhas left
asterixhas joined
jonnjhas joined
stpeterhas joined
moparisthebest
Sam Whited: I was rather recently surprised by that RFC also :)
moparisthebest
The next question is will the same thing work over http/3
SouLhas left
asterixhas left
asterixhas joined
SouLhas joined
adityaborikarhas left
adityaborikarhas joined
adityaborikarhas left
adityaborikarhas joined
junaidhas left
junaidhas joined
kikuchiyohas left
kikuchiyohas joined
belonghas left
belonghas joined
marmistrzhas left
edhelashas left
edhelashas joined
marmistrzhas joined
paulhas left
paulhas joined
paulhas left
paulhas joined
alex-a-sotohas left
alex-a-sotohas joined
Guesthas joined
Guesthas left
stpeterhas left
paulhas left
paulhas joined
stpeterhas joined
stpeterhas left
stpeterhas joined
Sam Whited
Another stupid question which I just realized is a problem (potentially): what do people do in their libraries if someone tries to send an IQ without a namespace? Normally it would just be in the default namespace and therefore still a stanza, but if I implemented the websocket subprotocol as discussed earlier it wouldn't have a namespace and wouldn't be a stanza. Maybe I should detect anything called "iq", "message", or "presence" without a namespace set and just set it to the right thing (although technically I guess that's wrong and you could have a non-stanza thing called "iq", but that would be dumb so I'm not sure if I care)\
Zash
Dunno what libraries do, but Prosody tweaks the namespace on outgoing stanzas to have the proper jabber:client namespace if it's unset.
flow
ideally users are not able to construct IQ instances without a namespace✎
Sam Whited
Users can send whatever arbitrary XML they want, so that's not an option
Zash
I feel like there would be type system things you could do here
Sam Whited
But that's a good point, maybe if it's sent with the IQ struct I could find a way to make those always get the right namespace set at least
Sam Whited
Then if users deliberately encode XML tokens that include "<iq xmlns=''/>" that's fine, it's their problem, but if they use the safer library features they get the correct behavior
flow
ideally users are not able to construct IQ instances without a namespace (for the IQ child element) ✏
flow
I just realized that we are talking only about jabber:client / jabber:server as namespace
Zash
That may be a nice place to enforce that iq stanzas have an @id attribute as well, and other constraints
Sam Whited
oh yah, sorry, wasn't thinking of the IQ child
Sam Whited
I have ID enforced at the stream level actually. It looks at all tokens passing through and if any of them are "iq", "message", or "presence" with namespace "jabber:client" or "jabber:server" it adds IDs (and "from" if it's an s2s connection)
flow
in Smack, stanzas implicitly have the right namespace (jabber:client in smack's case), and when the stanza is serialized, Smack will try to avoid printing the namespace declaration if it is redundant
Sam Whited
So right now if you sent "iq" with no namespace those rules wouldn't trigger either
Sam Whited
meh, maybe I'll just add the namespace to anything called "iq" with an empty namespace in the same place IDs are enforced. It's just easier and if it ever causes an actual problem I'll eat my hat
Zash
Similar in Prosody, missing xmlns attribute normally means it's the same as the parent, or the default stream namespace, but websocket being a bit special there means special care needs to be taken somewhere in the pipeline.
Zash
(Why couldn't we have a websockets-for-normal-clients that's just the same as the TCP binding but with WS framing?)
o2has left
Sam Whited
I wonder that every time I read through this spec…
Sam Whited
I'm sure there was some sort of good reason for doing it this way, but I have no idea what it is.
Zash
It's because browsers don't have streaming XML parsers exposed to JavaScript
Zash
Thus every frame must be a vaid XML document.
Sam Whited
oh yah, that makes sense
Sam Whited
Actual other question: I was just thinking I'd do the client side because "why not?" (once I've done the receiving side it's pretty trivial to make the handshake work for a client connection too), but why would anything use websockets that's not actually the web?
stpeter
Heh, I still remember trying to convince Mike Shaver to add XMPP to Firefox at an OSCON in Portland around 2002/2003...
Sam Whited
I guess technically some server could only expose that
Zash
But WebSockets have sub-protocol negotiation, it wouldn't be super hard to add another for those with streaming parsers
Sam Whited
stpeter: as a javascript feature or as part of that chat product that was built in for a while? Either way, that would have been fun :)
Zash
You could have used it to get trough web stacks and firewalls, but now you could do that with ALPN instead.
moparisthebest
> why would anything use websockets that's not actually the web?
another easy firewall bypass Sam Whited
Sam Whited
Oh yah, firewall bypass makes sense
Zash
There are desktop clients with BOSH support after all
stpeter
Sam Whited: the idea that DizzyD and I had was that they could use XMPP for real-time notifications and experiences within the browser
moparisthebest
you've got your network security people who refuse to expose anything to the internet that can't be "protected" by their enterprise (tm) WAF
Sam Whited
nifty
stpeter
(this was before xmlhttprequest and such)
moparisthebest
stpeter, so you invented push notifications? :)
Zash
Oh, I though XHR dated back to the 90s, better recallibrate that.
stpeter
Zash: not sure actually
Zash
Or maybe it's just so long ago that my brain is compressing the 90-00 era into one...