From 28bccc4c0768f5cc5804d22a98bced4f22002c20 Mon Sep 17 00:00:00 2001 From: Chris Boden Date: Fri, 25 Nov 2011 12:01:04 -0500 Subject: [PATCH] Typo Fixed spelling error in docs --- lib/Ratchet/Application/WebSocket/Version/Hixie76.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Ratchet/Application/WebSocket/Version/Hixie76.php b/lib/Ratchet/Application/WebSocket/Version/Hixie76.php index 03fbe78..0777701 100644 --- a/lib/Ratchet/Application/WebSocket/Version/Hixie76.php +++ b/lib/Ratchet/Application/WebSocket/Version/Hixie76.php @@ -7,7 +7,7 @@ namespace Ratchet\Application\WebSocket\Version; * 1) The handshake is done in HTTP, which includes a key for signing in the body... * BUT there is no Length defined in the header (as per HTTP spec) so the TCP buffer can't tell when the message is done! * 2) By nature it's insecure. Google did a test study where they were able to do a - * man-in-the-middle attack on 10%-15% of the people who saw their add who had a browser (currently only Safari) supporting the Hixie76 protocol. + * man-in-the-middle attack on 10%-15% of the people who saw their ad who had a browser (currently only Safari) supporting the Hixie76 protocol. * This was exploited by taking advantage of proxy servers in front of the user who ignored some HTTP headers in the handshake * The Hixie76 is currently implemented by Safari * Handshake from Andrea Giammarchi (http://webreflection.blogspot.com/2010/06/websocket-handshake-76-simplified.html)