logo
episode-header-image
Mar 2021
16m 8s

Why WebSockets over HTTP/2 (RFC8441) is ...

Hussein Nasser
About this episode

In this video, I'll discuss RFC8441 bootstrapping WebSockets with HTTP/2 which I believe a critical protocol to allow WebSockets tunneling to scale on the backend. We will also discuss the current state of the art of Proxy and Backend Supports for this tech. Let us have a discussion.

0:00 Intro

3:00 WebSockets over HTTP/2

7:40 Proxy Supports

13:15 Browsers Supports

14:00 Summary

RFC 8441

Resources

RFC8441

https://tools.ietf.org/html/rfc8441#section-4

nginx support

https://trac.nginx.org/nginx/ticket/1992

haproxy support

https://github.com/haproxy/haproxy/issues/162

Chrome support

https://www.chromestatus.com/feature/6251293127475200

Firefox support

https://bugzilla.mozilla.org/show_bug.cgi?id=1434137

envoy support

https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/upgrades



Support my work on PayPal

https://bit.ly/33ENps4

Become a Member on YouTube

https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join

🧑‍🏫 Courses I Teach

https://husseinnasser.com/courses

--- Support this podcast: https://anchor.fm/hnasr/support
Up next
Jun 13
kTLS - Kernel level TLS
Fundamentals of Operating Systems Course https://oscourse.winktls is brilliant.TLS encryption/decryption often happens in userland. While TCP lives in the kernel. With ktls, userland can hand the keys to the kernel and the kernel does crypto. When calling write, the kernel encryp ... Show More
22m 55s
May 9
The beauty of the CPU
If you are bored of contemporary topics of AI and need a breather, I invite you to join me to explore a mundane, fundamental and earthy topic.The CPU.A reading of my substack article https://hnasr.substack.com/p/the-beauty-of-the-cpu 
9m 38s
Apr 18
Sequential Scans in Postgres just got faster
This new PostgreSQL 17 feature is game changer. They know can combine IOs when performing sequential scan. Grab my database coursehttps://courses.husseinnasser.com 
27m 36s
Recommended Episodes
Jul 2023
575: CSS Errors, Proxy and Reverse Proxy, and What’s The Edge?
Bluesky adds first class support for urls as a username, text-wrap pretty update, sqwunching text update, should CSS spit out errors, anchor functionality, what does the edge mean, eSports and bowling, how to test websites on slower CPUs, and what does proxy or reverse proxy mean ... Show More
1 h
Nov 2020
HTTP Archive's 10th Anniversary
(November 19, 2020) Rick meets with Steve Souders, who created the HTTP Archive project 10 years ago this month, to talk about its origins and reflect on it's growth. They're also joined by Patrick Meenan, creator of WebPageTest and maintainer of HTTP Archive, along with Paul Cal ... Show More
48m 46s
Apr 2020
JavaScript Vulnerabilities with Tim Kadlec - The State of the Web
(Originally aired on YouTube on May 30, 2018) Rick and Tim talk about how insecure much of the web really is, the various vulnerabilities in web security that can leave you open to attack, the challenge of making your organization aware of these risks, and how they could be explo ... Show More
12m 32s
Mar 2024
Linux Kernel Scheduler Developer | David Vernet
The linux kernel is something we all use but have you ever thought about what goes into it, well today we've got David Vernet on the show who has spent quite a bit of time focusing on one aspect, that being the scheduler. =========Guest Links========== Twitch: https://www.twi ... Show More
1h 55m
Mar 2024
Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App
Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also tou ... Show More
1h 8m
Feb 2023
Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!
Episode 7: In this episode of Critical Thinking - Bug Bounty Podcast we talk about PortSwigger's Top 10 Web Hacking Techniques of 2022 (link below), some drama surrounding TruffleSecurity's XSS Hunter, and, as always, some great bug bounty tips.Sorry if the audio is a little roug ... Show More
56m 39s
May 2024
Episode 73: Sandboxed IFrames and WAF Bypasses
Episode 73: In this episode of Critical Thinking - Bug Bounty Podcast we give a brief recap of Nahamcon and then touch on some topics like WAF bypass tools, sandboxed iframes, and programs redacting your reports.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting th ... Show More
31m 13s
Feb 2023
Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops
Episode 8: In this episode of Critical Thinking - Bug Bounty Podcast we drop some critical bugs which leak raw credit card info. We also discuss some CSS Injection & PostMessage related techniques. It's a short one but a good one! Don't miss it!Follow us on twitter at: @ctbbpodca ... Show More
35m 57s
Apr 2024
Episode 68: 0-days & HTMX-SS with Mathias
Episode 68: In this episode of Critical Thinking - Bug Bounty Podcast Mathias is back with some fresh HTMX research, including CSP bypass using HTMX triggers, converting client-side response header injection to XSS, bypassing HTMX disable, and the challenges of using HTMX in larg ... Show More
1h 3m
Listen to millions of songs and podcasts on Anghami