[Standards] XEP-0156 _xmppconnect is vulnerable to MITM

JC Brand lists at opkode.com
Fri Mar 18 17:18:10 UTC 2022

On February 11, 2022 3:48:47 AM GMT+01:00, Peter Saint-Andre <stpeter at stpeter.im> wrote:
>  but that raises the issue of whether we should still 
>recommend BOSH, since it was a pre-websockets workaround for long polling.

The PeerTube webchat plugin uses BOSH because IIRC it has to run in an iframe and can therefore not use a websocket (I assume due to XSS restrictions).

Just mentioning this to highlight the fact that there are still apparently legitimate use cases for BOSH.

