Skip to content

Instantly share code, notes, and snippets.

View takahser's full-sized avatar
:octocat:
🤙🏼

S E R A Y A takahser

:octocat:
🤙🏼
View GitHub Profile
@subudeepak
subudeepak / WebSockets.md
Last active May 31, 2024 09:36
The problems and some security implications of websockets - Cross-site WebSockets Scripting (XSWS)

WebSockets - An Introduction

WebSockets is a modern HTML5 standard which makes communication between client and server a lot more simpler than ever. We are all familiar with the technology of sockets. Sockets have been fundamental to network communication for a long time but usually the communication over the browser has been restricted. The general restrictions

  • The server used to have a permanent listener while the client (aka browser) was not designated any fixed listener for a more long term connection. Hence, every communication was restricted to the client demanding and the server responding.
  • This meant that unless the client requested for a particular resource, the server was unable to push such a resource to the client.
  • This was detrimental since the client is then forced to check with the server at regular intervals. This meant a lot of libraries focused on optimizing asynchronous calls and identifying the response of asynchronous calls. Notably t