logo
episode-header-image
Mar 2021
16m 8s

Why WebSockets over HTTP/2 (RFC8441) is ...

Hussein Nasser
About this episode

In this video, I'll discuss RFC8441 bootstrapping WebSockets with HTTP/2 which I believe a critical protocol to allow WebSockets tunneling to scale on the backend. We will also discuss the current state of the art of Proxy and Backend Supports for this tech. Let us have a discussion.

0:00 Intro

3:00 WebSockets over HTTP/2

7:40 Proxy Supports

13:15 Browsers Supports

14:00 Summary

RFC 8441

Resources

RFC8441

https://tools.ietf.org/html/rfc8441#section-4

nginx support

https://trac.nginx.org/nginx/ticket/1992

haproxy support

https://github.com/haproxy/haproxy/issues/162

Chrome support

https://www.chromestatus.com/feature/6251293127475200

Firefox support

https://bugzilla.mozilla.org/show_bug.cgi?id=1434137

envoy support

https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/upgrades



Support my work on PayPal

https://bit.ly/33ENps4

Become a Member on YouTube

https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join

🧑‍🏫 Courses I Teach

https://husseinnasser.com/courses

Up next
Today
CPU and Kernel Page Faults
<p>Page faults occurs when the process tries to access a memory that isn’t backed by a physical page kernel raises a fault which loads a page. It happens on first access, stack expansion, COW, swap and much more. However it comes with a cost. </p><p><br /></p><p>In this episode o ... Show More
48m 37s
Oct 31
Amazon US-EAST-1 Outage in Details
On October 19 2025 AWS experienced an outage that lasted over a day, 10 days later we finally got the root cause analysis and we know exactly what caused the DNS to fail0:00 Summary 5:30 How did Dynamo lost its DNS?13:41 EC2 Errors 16:16 Network Load Balancer ErrorsRCA here https ... Show More
24m 26s
Oct 17
Graceful shutdown in HTTP
There are cases where the backend may need to close the connection to prevent unexpected situations, prevent bad actors or simply just free up resources. Closing a connection gracefully allows clients and backends to clean up and finish any pending requests. In this episode of th ... Show More
25m 49s
Recommended Episodes
Nov 2020
HTTP Archive's 10th Anniversary
(November 19, 2020) Rick meets with Steve Souders, who created the HTTP Archive project 10 years ago this month, to talk about its origins and reflect on it's growth. They're also joined by Patrick Meenan, creator of WebPageTest and maintainer of HTTP Archive, along with Paul Cal ... Show More
48m 46s
Apr 2020
JavaScript Vulnerabilities with Tim Kadlec - The State of the Web
<p><span style="font-weight: 400;">(Originally aired on YouTube on May 30, 2018)</span></p> <p><span style="font-weight: 400;">Rick and Tim talk about how insecure much of the web really is, the various vulnerabilities in web security that can leave you open to attack, the challe ... Show More
12m 32s
Mar 2024
Linux Kernel Scheduler Developer | David Vernet
<p>The linux kernel is something we all use but have you ever thought about what goes into it, well today we&#39;ve got David Vernet on the show who has spent quite a bit of time focusing on one aspect, that being the scheduler.</p> <p>=========Guest Links==========</p> <p>Twitch ... Show More
1h 55m
Mar 2024
Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App
Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also tou ... Show More
1h 8m
Feb 2023
Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!
Episode 7: In this episode of Critical Thinking - Bug Bounty Podcast we talk about PortSwigger's Top 10 Web Hacking Techniques of 2022 (link below), some drama surrounding TruffleSecurity's XSS Hunter, and, as always, some great bug bounty tips.Sorry if the audio is a little roug ... Show More
56m 39s
May 2024
Episode 73: Sandboxed IFrames and WAF Bypasses
Episode 73: In this episode of Critical Thinking - Bug Bounty Podcast we give a brief recap of Nahamcon and then touch on some topics like WAF bypass tools, sandboxed iframes, and programs redacting your reports.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting th ... Show More
31m 13s
Feb 2023
Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops
Episode 8: In this episode of Critical Thinking - Bug Bounty Podcast we drop some critical bugs which leak raw credit card info. We also discuss some CSS Injection & PostMessage related techniques. It's a short one but a good one! Don't miss it!Follow us on twitter at: @ctbbpodca ... Show More
35m 57s
Apr 2024
Episode 68: 0-days & HTMX-SS with Mathias
Episode 68: In this episode of Critical Thinking - Bug Bounty Podcast Mathias is back with some fresh HTMX research, including CSP bypass using HTMX triggers, converting client-side response header injection to XSS, bypassing HTMX disable, and the challenges of using HTMX in larg ... Show More
1h 3m
Listen to millions of songs and podcasts on Anghami