Stack Exchange network consists of 183 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.
Visit Stack Exchange
Stack Internal
Knowledge at work
Bring the best of human thought and AI automation together at your work.
Explore Stack InternalI've been studying the Websocket protocol (RFC 6455RFC 6455). Section 10.310.3 specifically talks about frame masking, which is prevents cache poisoning from http proxy servers.
How does frame masking prevent cache poisoning? How is a proxies cache "poisoned"? Why is the masking only applied to messages from the client to the server and not also the other way around?
Can this attack also be applied to long polling methods as well (specifically XHR)?
I've been studying the Websocket protocol (RFC 6455). Section 10.3 specifically talks about frame masking, which is prevents cache poisoning from http proxy servers.
How does frame masking prevent cache poisoning? How is a proxies cache "poisoned"? Why is the masking only applied to messages from the client to the server and not also the other way around?
Can this attack also be applied to long polling methods as well (specifically XHR)?
I've been studying the Websocket protocol (RFC 6455). Section 10.3 specifically talks about frame masking, which is prevents cache poisoning from http proxy servers.
How does frame masking prevent cache poisoning? How is a proxies cache "poisoned"? Why is the masking only applied to messages from the client to the server and not also the other way around?
Can this attack also be applied to long polling methods as well (specifically XHR)?
I've been studying the Websocket protocol (RFC 6455). Section 10.3 specifically talks about frame masking, which is prevents cache poisoning from http proxy servers.
If the client is choosing the masking key and then applying that key on the frames, howHow does thatframe masking prevent cache poisoning? Is it assumed that the attacker does not have direct control over the proxy server itself? How does this attack workis a proxies cache "poisoned"? Why is the masking only appliesapplied to messages from the client to the server and not also the other way around?
Can this attack also be applied to long polling methods as well? If so, can the same technique be used to protect long polling methods (specifically XHR)?
I've been studying the Websocket protocol (RFC 6455). Section 10.3 specifically talks about frame masking, which is prevents cache poisoning from http proxy servers.
If the client is choosing the masking key and then applying that key on the frames, how does that prevent cache poisoning? Is it assumed that the attacker does not have direct control over the proxy server itself? How does this attack work? Why is the masking only applies to messages from the client to the server and not also the other way around?
Can this attack also be applied to long polling methods as well? If so, can the same technique be used to protect long polling methods (specifically XHR)?
I've been studying the Websocket protocol (RFC 6455). Section 10.3 specifically talks about frame masking, which is prevents cache poisoning from http proxy servers.
How does frame masking prevent cache poisoning? How is a proxies cache "poisoned"? Why is the masking only applied to messages from the client to the server and not also the other way around?
Can this attack also be applied to long polling methods as well (specifically XHR)?
I've been studying the Websocket protocol (RFC 6455). Section 10.3 specifically talks about frame masking, which is prevents cache poisoning from http proxy servers.
If the client is choosing the masking key and then applying that key on the frames, how does that prevent cache poisoning? Is it assumed that the attacker does not have direct control over the proxy server itself? How does this attack work? Why is the masking only applies to messages from the client to the server and not also the other way around?
Can this attack also be applied to long polling methods as well? If so, can the same technique be used to protect long polling methods (specifically XHR)?
I've been studying the Websocket protocol (RFC 6455). Section 10.3 specifically talks about frame masking, which is prevents cache poisoning from http proxy servers.
If the client is choosing the masking key and then applying that key on the frames, how does that prevent cache poisoning? Is it assumed that the attacker does not have direct control over the proxy server itself? How does this attack work? Why is the masking only applies to messages from the client to the server and not also the other way around?
Can this attack also be applied to long polling methods as well? If so, can the same technique be used to protect long polling methods?
I've been studying the Websocket protocol (RFC 6455). Section 10.3 specifically talks about frame masking, which is prevents cache poisoning from http proxy servers.
If the client is choosing the masking key and then applying that key on the frames, how does that prevent cache poisoning? Is it assumed that the attacker does not have direct control over the proxy server itself? How does this attack work? Why is the masking only applies to messages from the client to the server and not also the other way around?
Can this attack also be applied to long polling methods as well? If so, can the same technique be used to protect long polling methods (specifically XHR)?
