| Subject: | Net::Async::WebSocket::Client send_frame sends invalid websocket frames |
The docs say:
$client->connect(
url => "ws://$HOST:$PORT/",
)->then( sub {
$client->send_frame( "Hello, world!\n" );
})->get;
However, if you send the above, it's passed up to the server unmasked. This is invalid according to the RFC (https://tools.ietf.org/html/rfc6455#section-5.1):
In the WebSocket Protocol, data is transmitted using a sequence of
frames. To avoid confusing network intermediaries (such as
intercepting proxies) and for security reasons that are further
discussed in Section 10.3, a client MUST mask all frames that it
sends to the server (see Section 5.3 for further details). (Note
that masking is done whether or not the WebSocket Protocol is running
over TLS.) The server MUST close the connection upon receiving a
frame that is not masked.
In testing, we found this to be true.
We can work around it by doing:
$client->send_frame(buffer => "hello world", masked => 1);
But I think Net::Async::WebSocket::Client should implicitly mask things if we use the documented form of just passing a string.
Thanks.