andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
d08e546c0f
netty5/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13.java

301 lines
13 KiB
Java
Raw Normal View History

Use websocket wire protocol version rather than specification version
2011-12-15 06:09:09 +01:00
/*
Update license headers
2012-06-04 22:31:44 +02:00
* Copyright 2012 The Netty Project
Use websocket wire protocol version rather than specification version
2011-12-15 06:09:09 +01:00
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
Update license headers
2012-06-04 22:31:44 +02:00
* http://www.apache.org/licenses/LICENSE-2.0
Use websocket wire protocol version rather than specification version
2011-12-15 06:09:09 +01:00
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.codec.http.websocketx;
Use allocator when constructing ByteBufHolder sub-types or use Unpool… (#9377) Motivation: In many places Netty uses Unpooled.buffer(0) while should use EMPTY_BUFFER. We can't change this due to back compatibility in the constructors but can use Unpooled.EMPTY_BUFFER in some cases to ensure we not allocate at all. In others we can directly use the allocator either from the Channel / ChannelHandlerContext or the request / response. Modification: - Use Unpooled.EMPTY_BUFFER where possible - Use allocator where possible Result: Fixes #9345 for websockets and http package
2019-07-18 10:29:50 +02:00
import io.netty.buffer.Unpooled;
Make WebSocket codec also work when HttpClientCodec and HttpServerCodec is used. Also refactor the handshakers to share more code and make it easier to implement a new one and less error-prone
2013-03-07 10:57:27 +01:00
import io.netty.handler.codec.http.DefaultFullHttpRequest;
import io.netty.handler.codec.http.FullHttpRequest;
Second HTTP overhaul - Rename message types for clarity - HttpMessage -> FullHttpMessage - HttpHeader -> HttpMessage - HttpRequest -> FullHttpRequest - HttpResponse -> FulllHttpResponse - HttpRequestHeader -> HttpRequest - HttpResponseHeader -> HttpResponse - HttpContent now extends ByteBufHolder; no more content() method - Make HttpHeaders abstract, make its header access methods public, and add DefaultHttpHeaders - Header accessor methods in HttpMessage and LastHttpContent are replaced with HttpMessage.headers() and LastHttpContent.trailingHeaders(). Both methods return HttpHeaders. - Remove setters wherever possible and remove 'get' prefix - Instead of calling setContent(), a user can either specify the content when constructing a message or write content into the buffer. (e.g. m.content().writeBytes(...)) - Overall cleanup & fixes
2013-01-16 05:22:50 +01:00
import io.netty.handler.codec.http.FullHttpResponse;
Fix backward compatibility from the previous backport Motivation: The commit 50e06442c3f2753c9b2a506f68ea70273b829e21 changed the type of the constants in HttpHeaders.Names and HttpHeaders.Values, making 4.1 backward-incompatible with 4.0. It also introduces newer utility classes such as HttpHeaderUtil, which deprecates most static methods in HttpHeaders. To ease the migration between 4.1 and 5.0, we should deprecate all static methods that are non-existent in 5.0, and provide proper counterpart. Modification: - Revert the changes in HttpHeaders.Names and Values - Deprecate all static methods in HttpHeaders in favor of: - HttpHeaderUtil - the member methods of HttpHeaders - AsciiString - Add integer and date access methods to HttpHeaders for easier future migration to 5.0 - Add HttpHeaderNames and HttpHeaderValues which provide standard HTTP constants in AsciiString - Deprecate HttpHeaders.Names and Values - Make HttpHeaderValues.WEBSOCKET lowercased because it's actually lowercased in all WebSocket versions but the oldest one - Add RtspHeaderNames and RtspHeaderValues which provide standard RTSP constants in AsciiString - Deprecate RtspHeaders.* - Do not use AsciiString.equalsIgnoreCase(CharSeq, CharSeq) if one of the parameters are AsciiString - Avoid using AsciiString.toString() repetitively - Change the parameter type of some methods from String to CharSequence Result: Backward compatibility is recovered. New classes and methods will make the migration to 5.0 easier, once (Http|Rtsp)Header(Names|Values) are ported to master.
2014-10-31 08:48:28 +01:00
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpHeaderValues;
Change the WebSocket API to use HttpHeaders instead of Map<String, String> for custom headers / Cleanup
2013-01-16 16:33:40 +01:00
import io.netty.handler.codec.http.HttpHeaders;
Use websocket wire protocol version rather than specification version
2011-12-15 06:09:09 +01:00
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.util.CharsetUtil;
Move logging classes from internal to internal.logging .. because internal is crowded
2013-02-26 23:54:25 +01:00
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
Use websocket wire protocol version rather than specification version
2011-12-15 06:09:09 +01:00
Add port to 'Origin' if the port is non default (80/443) (#262) - Contributed by @normanmaurer
2012-05-31 00:57:39 +02:00
import java.net.URI;
Use websocket wire protocol version rather than specification version
2011-12-15 06:09:09 +01:00
/**
* <p>
* Performs client side opening and closing handshakes for web socket specification version <a
* href="http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-17" >draft-ietf-hybi-thewebsocketprotocol-
* 17</a>
* </p>
*/
public class WebSocketClientHandshaker13 extends WebSocketClientHandshaker {
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
private static final InternalLogger logger = InternalLoggerFactory.getInstance(WebSocketClientHandshaker13.class);
public static final String MAGIC_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
Apply checkstyle to the build Please note that the build will fail at the moment due to various checkstyle violations which should be fixed soon
2012-01-11 12:16:14 +01:00
private String expectedChallengeResponseString;
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
Clean up the new WebSocket package
2012-01-19 05:12:45 +01:00
private final boolean allowExtensions;
Added an option to use websockets without masking Motivation: The requirement for the masking of frames and for checks of correct masking in the websocket specifiation have a large impact on performance. While it is mandatory for browsers to use masking there are other applications (like IPC protocols) that want to user websocket framing and proxy-traversing characteristics without the overhead of masking. The websocket standard also mentions that the requirement for mask verification on server side might be dropped in future. Modifications: Added an optional parameter allowMaskMismatch for the websocket decoder that allows a server to also accept unmasked frames (and clients to accept masked frames). Allowed to set this option through the websocket handshaker constructors as well as the websocket client and server handlers. The public API for existing components doesn't change, it will be forwarded to functions which implicetly set masking as required in the specification. For websocket clients an additional parameter is added that allows to disable the masking of frames that are sent by the client. Result: This update gives netty users the ability to create and use completely unmasked websocket connections in addition to the normal masked channels that the standard describes.
2014-10-22 21:59:45 +02:00
private final boolean performMasking;
private final boolean allowMaskMismatch;
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
/**
Add max frame length for web socket to limit chance of DOS attack (#283) - Contributed by @veebs
2012-05-31 02:13:00 +02:00
* Creates a new instance.
Add port to 'Origin' if the port is non default (80/443) (#262) - Contributed by @normanmaurer
2012-05-31 00:57:39 +02:00
*
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
* @param webSocketURL
* URL for web socket communications. e.g "ws://myhost.com/mypath". Subsequent web socket frames will be
* sent to this URL.
* @param version
* Version of web socket specification to use to connect to the server
Clean up the new WebSocket package
2012-01-19 05:12:45 +01:00
* @param subprotocol
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
* Sub protocol request sent to the server.
* @param allowExtensions
* Allow extensions to be used in the reserved bits of the web socket frame
* @param customHeaders
* Map of custom headers to add to the client request
Add max frame length for web socket to limit chance of DOS attack (#283) - Contributed by @veebs
2012-05-31 02:13:00 +02:00
* @param maxFramePayloadLength
* Maximum length of a frame's payload
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
*/
Clean up the new WebSocket package
2012-01-19 05:12:45 +01:00
public WebSocketClientHandshaker13(URI webSocketURL, WebSocketVersion version, String subprotocol,
Added an option to use websockets without masking Motivation: The requirement for the masking of frames and for checks of correct masking in the websocket specifiation have a large impact on performance. While it is mandatory for browsers to use masking there are other applications (like IPC protocols) that want to user websocket framing and proxy-traversing characteristics without the overhead of masking. The websocket standard also mentions that the requirement for mask verification on server side might be dropped in future. Modifications: Added an optional parameter allowMaskMismatch for the websocket decoder that allows a server to also accept unmasked frames (and clients to accept masked frames). Allowed to set this option through the websocket handshaker constructors as well as the websocket client and server handlers. The public API for existing components doesn't change, it will be forwarded to functions which implicetly set masking as required in the specification. For websocket clients an additional parameter is added that allows to disable the masking of frames that are sent by the client. Result: This update gives netty users the ability to create and use completely unmasked websocket connections in addition to the normal masked channels that the standard describes.
2014-10-22 21:59:45 +02:00
boolean allowExtensions, HttpHeaders customHeaders, int maxFramePayloadLength) {
WebSocket client handshaker to support "force close" after timeout (#8896) Motivation: RFC 6455 defines that, generally, a WebSocket client should not close a TCP connection as far as a server is the one who's responsible for doing that. In practice tho', it's not always possible to control the server. Server's misbehavior may lead to connections being leaked (if the server does not comply with the RFC). RFC 6455 #7.1.1 says > In abnormal cases (such as not having received a TCP Close from the server after a reasonable amount of time) a client MAY initiate the TCP Close. Modifications: * WebSocket client handshaker additional param `forceCloseAfterMillis` * Use 10 seconds as default Result: WebSocket client handshaker to comply with RFC. Fixes #8883.
2019-04-10 15:25:34 +02:00
this(webSocketURL, version, subprotocol, allowExtensions, customHeaders, maxFramePayloadLength,
true, false);
Added an option to use websockets without masking Motivation: The requirement for the masking of frames and for checks of correct masking in the websocket specifiation have a large impact on performance. While it is mandatory for browsers to use masking there are other applications (like IPC protocols) that want to user websocket framing and proxy-traversing characteristics without the overhead of masking. The websocket standard also mentions that the requirement for mask verification on server side might be dropped in future. Modifications: Added an optional parameter allowMaskMismatch for the websocket decoder that allows a server to also accept unmasked frames (and clients to accept masked frames). Allowed to set this option through the websocket handshaker constructors as well as the websocket client and server handlers. The public API for existing components doesn't change, it will be forwarded to functions which implicetly set masking as required in the specification. For websocket clients an additional parameter is added that allows to disable the masking of frames that are sent by the client. Result: This update gives netty users the ability to create and use completely unmasked websocket connections in addition to the normal masked channels that the standard describes.
2014-10-22 21:59:45 +02:00
}
/**
* Creates a new instance.
*
* @param webSocketURL
* URL for web socket communications. e.g "ws://myhost.com/mypath". Subsequent web socket frames will be
* sent to this URL.
* @param version
* Version of web socket specification to use to connect to the server
* @param subprotocol
* Sub protocol request sent to the server.
* @param allowExtensions
* Allow extensions to be used in the reserved bits of the web socket frame
* @param customHeaders
* Map of custom headers to add to the client request
* @param maxFramePayloadLength
* Maximum length of a frame's payload
* @param performMasking
* Whether to mask all written websocket frames. This must be set to true in order to be fully compatible
* with the websocket specifications. Client applications that communicate with a non-standard server
* which doesn't require masking might set this to false to achieve a higher performance.
* @param allowMaskMismatch
Correct comment for allowMaskMismatch parameter Motivation: The allowMaskMismatch parameter used throughout websocketx allows frames with noncompliant masks when set to true, not false. Modification: Changed the javadoc comment everywhere it appears. Result: Fixes #6387
2017-02-15 20:03:59 +01:00
* When set to true, frames which are not masked properly according to the standard will still be
* accepted.
Added an option to use websockets without masking Motivation: The requirement for the masking of frames and for checks of correct masking in the websocket specifiation have a large impact on performance. While it is mandatory for browsers to use masking there are other applications (like IPC protocols) that want to user websocket framing and proxy-traversing characteristics without the overhead of masking. The websocket standard also mentions that the requirement for mask verification on server side might be dropped in future. Modifications: Added an optional parameter allowMaskMismatch for the websocket decoder that allows a server to also accept unmasked frames (and clients to accept masked frames). Allowed to set this option through the websocket handshaker constructors as well as the websocket client and server handlers. The public API for existing components doesn't change, it will be forwarded to functions which implicetly set masking as required in the specification. For websocket clients an additional parameter is added that allows to disable the masking of frames that are sent by the client. Result: This update gives netty users the ability to create and use completely unmasked websocket connections in addition to the normal masked channels that the standard describes.
2014-10-22 21:59:45 +02:00
*/
public WebSocketClientHandshaker13(URI webSocketURL, WebSocketVersion version, String subprotocol,
boolean allowExtensions, HttpHeaders customHeaders, int maxFramePayloadLength,
boolean performMasking, boolean allowMaskMismatch) {
WebSocket client handshaker to support "force close" after timeout (#8896) Motivation: RFC 6455 defines that, generally, a WebSocket client should not close a TCP connection as far as a server is the one who's responsible for doing that. In practice tho', it's not always possible to control the server. Server's misbehavior may lead to connections being leaked (if the server does not comply with the RFC). RFC 6455 #7.1.1 says > In abnormal cases (such as not having received a TCP Close from the server after a reasonable amount of time) a client MAY initiate the TCP Close. Modifications: * WebSocket client handshaker additional param `forceCloseAfterMillis` * Use 10 seconds as default Result: WebSocket client handshaker to comply with RFC. Fixes #8883.
2019-04-10 15:25:34 +02:00
this(webSocketURL, version, subprotocol, allowExtensions, customHeaders, maxFramePayloadLength,
performMasking, allowMaskMismatch, DEFAULT_FORCE_CLOSE_TIMEOUT_MILLIS);
}
/**
* Creates a new instance.
*
* @param webSocketURL
* URL for web socket communications. e.g "ws://myhost.com/mypath". Subsequent web socket frames will be
* sent to this URL.
* @param version
* Version of web socket specification to use to connect to the server
* @param subprotocol
* Sub protocol request sent to the server.
* @param allowExtensions
* Allow extensions to be used in the reserved bits of the web socket frame
* @param customHeaders
* Map of custom headers to add to the client request
* @param maxFramePayloadLength
* Maximum length of a frame's payload
* @param performMasking
* Whether to mask all written websocket frames. This must be set to true in order to be fully compatible
* with the websocket specifications. Client applications that communicate with a non-standard server
* which doesn't require masking might set this to false to achieve a higher performance.
* @param allowMaskMismatch
* When set to true, frames which are not masked properly according to the standard will still be
* accepted
* @param forceCloseTimeoutMillis
* Close the connection if it was not closed by the server after timeout specified.
*/
public WebSocketClientHandshaker13(URI webSocketURL, WebSocketVersion version, String subprotocol,
boolean allowExtensions, HttpHeaders customHeaders, int maxFramePayloadLength,
boolean performMasking, boolean allowMaskMismatch,
long forceCloseTimeoutMillis) {
Introduce WebSocketClientHandshaker::absoluteUpgradeUrl, close #9205 (#9206) Motivation: When connecting through an HTTP proxy over clear HTTP, user agents must send requests with an absolute url. This hold true for WebSocket Upgrade request. WebSocketClientHandshaker and subclasses currently always send requests with a relative url, which causes proxies to crash as request is malformed. Modification: Introduce a new parameter `absoluteUpgradeUrl` and expose it in constructors and WebSocketClientHandshakerFactory. Result: It's now possible to configure WebSocketClientHandshaker so it works properly with HTTP proxies over clear HTTP.
2019-06-08 01:01:10 +02:00
this(webSocketURL, version, subprotocol, allowExtensions, customHeaders, maxFramePayloadLength, performMasking,
allowMaskMismatch, forceCloseTimeoutMillis, false);
}
/**
* Creates a new instance.
*
* @param webSocketURL
* URL for web socket communications. e.g "ws://myhost.com/mypath". Subsequent web socket frames will be
* sent to this URL.
* @param version
* Version of web socket specification to use to connect to the server
* @param subprotocol
* Sub protocol request sent to the server.
* @param allowExtensions
* Allow extensions to be used in the reserved bits of the web socket frame
* @param customHeaders
* Map of custom headers to add to the client request
* @param maxFramePayloadLength
* Maximum length of a frame's payload
* @param performMasking
* Whether to mask all written websocket frames. This must be set to true in order to be fully compatible
* with the websocket specifications. Client applications that communicate with a non-standard server
* which doesn't require masking might set this to false to achieve a higher performance.
* @param allowMaskMismatch
* When set to true, frames which are not masked properly according to the standard will still be
* accepted
* @param forceCloseTimeoutMillis
* Close the connection if it was not closed by the server after timeout specified.
* @param absoluteUpgradeUrl
* Use an absolute url for the Upgrade request, typically when connecting through an HTTP proxy over
* clear HTTP
*/
WebSocketClientHandshaker13(URI webSocketURL, WebSocketVersion version, String subprotocol,
boolean allowExtensions, HttpHeaders customHeaders, int maxFramePayloadLength,
boolean performMasking, boolean allowMaskMismatch,
long forceCloseTimeoutMillis, boolean absoluteUpgradeUrl) {
super(webSocketURL, version, subprotocol, customHeaders, maxFramePayloadLength, forceCloseTimeoutMillis,
absoluteUpgradeUrl);
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
this.allowExtensions = allowExtensions;
Added an option to use websockets without masking Motivation: The requirement for the masking of frames and for checks of correct masking in the websocket specifiation have a large impact on performance. While it is mandatory for browsers to use masking there are other applications (like IPC protocols) that want to user websocket framing and proxy-traversing characteristics without the overhead of masking. The websocket standard also mentions that the requirement for mask verification on server side might be dropped in future. Modifications: Added an optional parameter allowMaskMismatch for the websocket decoder that allows a server to also accept unmasked frames (and clients to accept masked frames). Allowed to set this option through the websocket handshaker constructors as well as the websocket client and server handlers. The public API for existing components doesn't change, it will be forwarded to functions which implicetly set masking as required in the specification. For websocket clients an additional parameter is added that allows to disable the masking of frames that are sent by the client. Result: This update gives netty users the ability to create and use completely unmasked websocket connections in addition to the normal masked channels that the standard describes.
2014-10-22 21:59:45 +02:00
this.performMasking = performMasking;
this.allowMaskMismatch = allowMaskMismatch;
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
}
/**
* /**
* <p>
* Sends the opening request to the server:
* </p>
Add port to 'Origin' if the port is non default (80/443) (#262) - Contributed by @normanmaurer
2012-05-31 00:57:39 +02:00
*
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
* <pre>
* GET /chat HTTP/1.1
* Host: server.example.com
* Upgrade: websocket
* Connection: Upgrade
* Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Fixed incorrect Sec-WebSocket-Origin header for v13, see #9134 (#9312) Motivation: Based on https://tools.ietf.org/html/rfc6455#section-1.3 - for non-browser clients, Origin header field may be sent if it makes sense in the context of those clients. Modification: Replace Sec-WebSocket-Origin to Origin Result: Fixes #9134 .
2019-07-12 12:05:39 +02:00
* Origin: http://example.com
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
* Sec-WebSocket-Protocol: chat, superchat
* Sec-WebSocket-Version: 13
* </pre>
Add port to 'Origin' if the port is non default (80/443) (#262) - Contributed by @normanmaurer
2012-05-31 00:57:39 +02:00
*
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
*/
@Override
Make WebSocket codec also work when HttpClientCodec and HttpServerCodec is used. Also refactor the handshakers to share more code and make it easier to implement a new one and less error-prone
2013-03-07 10:57:27 +01:00
protected FullHttpRequest newHandshakeRequest() {
Remove 'get' prefix
2013-01-17 07:06:46 +01:00
URI wsURL = uri();
[#729] Correctly handle urls with empty abs_path in it when issue the websocket handshake
2012-11-12 15:29:02 +01:00
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
// Get 16 bit nonce and base 64 encode it
Clean up the new WebSocket package
2012-01-19 05:12:45 +01:00
byte[] nonce = WebSocketUtil.randomBytes(16);
String key = WebSocketUtil.base64(nonce);
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
String acceptSeed = key + MAGIC_GUID;
Clean up the new WebSocket package
2012-01-19 05:12:45 +01:00
byte[] sha1 = WebSocketUtil.sha1(acceptSeed.getBytes(CharsetUtil.US_ASCII));
expectedChallengeResponseString = WebSocketUtil.base64(sha1);
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
if (logger.isDebugEnabled()) {
Do not use String.format() for log message generation - It's slow.
2014-02-14 04:31:17 +01:00
logger.debug(
"WebSocket version 13 client handshake key: {}, expected response: {}",
key, expectedChallengeResponseString);
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
}
// Format request
Use allocator when constructing ByteBufHolder sub-types or use Unpool… (#9377) Motivation: In many places Netty uses Unpooled.buffer(0) while should use EMPTY_BUFFER. We can't change this due to back compatibility in the constructors but can use Unpooled.EMPTY_BUFFER in some cases to ensure we not allocate at all. In others we can directly use the allocator either from the Channel / ChannelHandlerContext or the request / response. Modification: - Use Unpooled.EMPTY_BUFFER where possible - Use allocator where possible Result: Fixes #9345 for websockets and http package
2019-07-18 10:29:50 +02:00
FullHttpRequest request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, upgradeUrl(wsURL),
Unpooled.EMPTY_BUFFER);
Change the WebSocket API to use HttpHeaders instead of Map<String, String> for custom headers / Cleanup
2013-01-16 16:33:40 +01:00
HttpHeaders headers = request.headers();
Set (and override) websocket handshake headers after custom headers (#7975) Motivation: Currently, when passing custom headers to a WebSocketClientHandshaker, if values are added for headers that are reserved for use in the websocket handshake performed with the server, these custom values can be used by the server to compute the websocket handshake challenge. If the server computes the response to the challenge with the custom header values, rather than the values computed by the client handshaker, the handshake may fail. Modifications: Update the client handshaker implementations to add the custom header values first, and then set the reserved websocket header values. Result: Reserved websocket handshake headers, if present in the custom headers passed to the client handshaker, will not be propagated to the server. Instead the client handshaker will propagate the values it generates. Fixes #7973.
2018-05-30 19:52:40 +02:00
if (customHeaders != null) {
headers.add(customHeaders);
}
headers.set(HttpHeaderNames.UPGRADE, HttpHeaderValues.WEBSOCKET)
.set(HttpHeaderNames.CONNECTION, HttpHeaderValues.UPGRADE)
.set(HttpHeaderNames.SEC_WEBSOCKET_KEY, key)
.set(HttpHeaderNames.HOST, websocketHostValue(wsURL))
Fixed incorrect Sec-WebSocket-Origin header for v13, see #9134 (#9312) Motivation: Based on https://tools.ietf.org/html/rfc6455#section-1.3 - for non-browser clients, Origin header field may be sent if it makes sense in the context of those clients. Modification: Replace Sec-WebSocket-Origin to Origin Result: Fixes #9134 .
2019-07-12 12:05:39 +02:00
.set(HttpHeaderNames.ORIGIN, websocketOriginValue(wsURL));
Add port to 'Origin' if the port is non default (80/443) (#262) - Contributed by @normanmaurer
2012-05-31 00:57:39 +02:00
Remove 'get' prefix
2013-01-17 07:06:46 +01:00
String expectedSubprotocol = expectedSubprotocol();
Use 'x' over "x" wherever possible / String.equals("") -> isEmpty()
2012-11-10 00:03:52 +01:00
if (expectedSubprotocol != null && !expectedSubprotocol.isEmpty()) {
Set (and override) websocket handshake headers after custom headers (#7975) Motivation: Currently, when passing custom headers to a WebSocketClientHandshaker, if values are added for headers that are reserved for use in the websocket handshake performed with the server, these custom values can be used by the server to compute the websocket handshake challenge. If the server computes the response to the challenge with the custom header values, rather than the values computed by the client handshaker, the handshake may fail. Modifications: Update the client handshaker implementations to add the custom header values first, and then set the reserved websocket header values. Result: Reserved websocket handshake headers, if present in the custom headers passed to the client handshaker, will not be propagated to the server. Instead the client handshaker will propagate the values it generates. Fixes #7973.
2018-05-30 19:52:40 +02:00
headers.set(HttpHeaderNames.SEC_WEBSOCKET_PROTOCOL, expectedSubprotocol);
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
}
Fixed bug where subprotocol not sent by client Conflicts: codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker.java codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker08.java codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13.java codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketServerHandshaker.java
2012-05-12 13:05:15 +02:00
Set (and override) websocket handshake headers after custom headers (#7975) Motivation: Currently, when passing custom headers to a WebSocketClientHandshaker, if values are added for headers that are reserved for use in the websocket handshake performed with the server, these custom values can be used by the server to compute the websocket handshake challenge. If the server computes the response to the challenge with the custom header values, rather than the values computed by the client handshaker, the handshake may fail. Modifications: Update the client handshaker implementations to add the custom header values first, and then set the reserved websocket header values. Result: Reserved websocket handshake headers, if present in the custom headers passed to the client handshaker, will not be propagated to the server. Instead the client handshaker will propagate the values it generates. Fixes #7973.
2018-05-30 19:52:40 +02:00
headers.set(HttpHeaderNames.SEC_WEBSOCKET_VERSION, "13");
Make WebSocket codec also work when HttpClientCodec and HttpServerCodec is used. Also refactor the handshakers to share more code and make it easier to implement a new one and less error-prone
2013-03-07 10:57:27 +01:00
return request;
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
}
/**
* <p>
* Process server response:
* </p>
Add port to 'Origin' if the port is non default (80/443) (#262) - Contributed by @normanmaurer
2012-05-31 00:57:39 +02:00
*
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
* <pre>
* HTTP/1.1 101 Switching Protocols
* Upgrade: websocket
* Connection: Upgrade
* Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
* Sec-WebSocket-Protocol: chat
* </pre>
Add port to 'Origin' if the port is non default (80/443) (#262) - Contributed by @normanmaurer
2012-05-31 00:57:39 +02:00
*
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
* @param response
* HTTP response returned from the server for the request sent by beginOpeningHandshake00().
Fixed incorrect Sec-WebSocket-Origin header for v13, see #9134 (#9312) Motivation: Based on https://tools.ietf.org/html/rfc6455#section-1.3 - for non-browser clients, Origin header field may be sent if it makes sense in the context of those clients. Modification: Replace Sec-WebSocket-Origin to Origin Result: Fixes #9134 .
2019-07-12 12:05:39 +02:00
* @throws WebSocketHandshakeException if handshake response is invalid.
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
*/
@Override
Make WebSocket codec also work when HttpClientCodec and HttpServerCodec is used. Also refactor the handshakers to share more code and make it easier to implement a new one and less error-prone
2013-03-07 10:57:27 +01:00
protected void verify(FullHttpResponse response) {
Clean up the new WebSocket package
2012-01-19 05:12:45 +01:00
final HttpResponseStatus status = HttpResponseStatus.SWITCHING_PROTOCOLS;
Change the WebSocket API to use HttpHeaders instead of Map<String, String> for custom headers / Cleanup
2013-01-16 16:33:40 +01:00
final HttpHeaders headers = response.headers();
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
Remove 'get' prefix from all HTTP/SPDY messages Motivation: Persuit for the consistency in method naming Modifications: - Remove the 'get' prefix from all HTTP/SPDY message classes - Fix some inspector warnings Result: Consistency
2014-06-24 10:39:46 +02:00
if (!response.status().equals(status)) {
throw new WebSocketHandshakeException("Invalid handshake response getStatus: " + response.status());
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
}
Fix backward compatibility from the previous backport Motivation: The commit 50e06442c3f2753c9b2a506f68ea70273b829e21 changed the type of the constants in HttpHeaders.Names and HttpHeaders.Values, making 4.1 backward-incompatible with 4.0. It also introduces newer utility classes such as HttpHeaderUtil, which deprecates most static methods in HttpHeaders. To ease the migration between 4.1 and 5.0, we should deprecate all static methods that are non-existent in 5.0, and provide proper counterpart. Modification: - Revert the changes in HttpHeaders.Names and Values - Deprecate all static methods in HttpHeaders in favor of: - HttpHeaderUtil - the member methods of HttpHeaders - AsciiString - Add integer and date access methods to HttpHeaders for easier future migration to 5.0 - Add HttpHeaderNames and HttpHeaderValues which provide standard HTTP constants in AsciiString - Deprecate HttpHeaders.Names and Values - Make HttpHeaderValues.WEBSOCKET lowercased because it's actually lowercased in all WebSocket versions but the oldest one - Add RtspHeaderNames and RtspHeaderValues which provide standard RTSP constants in AsciiString - Deprecate RtspHeaders.* - Do not use AsciiString.equalsIgnoreCase(CharSeq, CharSeq) if one of the parameters are AsciiString - Avoid using AsciiString.toString() repetitively - Change the parameter type of some methods from String to CharSequence Result: Backward compatibility is recovered. New classes and methods will make the migration to 5.0 easier, once (Http|Rtsp)Header(Names|Values) are ported to master.
2014-10-31 08:48:28 +01:00
CharSequence upgrade = headers.get(HttpHeaderNames.UPGRADE);
Headers Performance Boost and Interface Simplification Motivation: A degradation in performance has been observed from the 4.0 branch as documented in https://github.com/netty/netty/issues/3962. Modifications: - Simplify Headers class hierarchy. - Restore the DefaultHeaders to be based upon DefaultHttpHeaders from 4.0. - Make various other modifications that are causing hot spots. Result: Performance is now on par with 4.0.
2015-08-13 04:05:37 +02:00
if (!HttpHeaderValues.WEBSOCKET.contentEqualsIgnoreCase(upgrade)) {
Change the WebSocket API to use HttpHeaders instead of Map<String, String> for custom headers / Cleanup
2013-01-16 16:33:40 +01:00
throw new WebSocketHandshakeException("Invalid handshake response upgrade: " + upgrade);
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
}
[#4754] Correctly detect websocket upgrade Motivation: If the Connection header contains multiple values (which is valid) we fail to detect a websocket upgrade Modification: - Add new method which allows to check if a header field contains a specific value (and also respect multiple header values) - Use this method to detect handshake Result: Correct detect handshake if Connection header contains multiple values (seperated by ',').
2016-01-27 14:26:33 +01:00
if (!headers.containsValue(HttpHeaderNames.CONNECTION, HttpHeaderValues.UPGRADE, true)) {
throw new WebSocketHandshakeException("Invalid handshake response connection: "
+ headers.get(HttpHeaderNames.CONNECTION));
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
}
Fix backward compatibility from the previous backport Motivation: The commit 50e06442c3f2753c9b2a506f68ea70273b829e21 changed the type of the constants in HttpHeaders.Names and HttpHeaders.Values, making 4.1 backward-incompatible with 4.0. It also introduces newer utility classes such as HttpHeaderUtil, which deprecates most static methods in HttpHeaders. To ease the migration between 4.1 and 5.0, we should deprecate all static methods that are non-existent in 5.0, and provide proper counterpart. Modification: - Revert the changes in HttpHeaders.Names and Values - Deprecate all static methods in HttpHeaders in favor of: - HttpHeaderUtil - the member methods of HttpHeaders - AsciiString - Add integer and date access methods to HttpHeaders for easier future migration to 5.0 - Add HttpHeaderNames and HttpHeaderValues which provide standard HTTP constants in AsciiString - Deprecate HttpHeaders.Names and Values - Make HttpHeaderValues.WEBSOCKET lowercased because it's actually lowercased in all WebSocket versions but the oldest one - Add RtspHeaderNames and RtspHeaderValues which provide standard RTSP constants in AsciiString - Deprecate RtspHeaders.* - Do not use AsciiString.equalsIgnoreCase(CharSeq, CharSeq) if one of the parameters are AsciiString - Avoid using AsciiString.toString() repetitively - Change the parameter type of some methods from String to CharSequence Result: Backward compatibility is recovered. New classes and methods will make the migration to 5.0 easier, once (Http|Rtsp)Header(Names|Values) are ported to master.
2014-10-31 08:48:28 +01:00
CharSequence accept = headers.get(HttpHeaderNames.SEC_WEBSOCKET_ACCEPT);
Clean up the new WebSocket package
2012-01-19 05:12:45 +01:00
if (accept == null || !accept.equals(expectedChallengeResponseString)) {
Change the WebSocket API to use HttpHeaders instead of Map<String, String> for custom headers / Cleanup
2013-01-16 16:33:40 +01:00
throw new WebSocketHandshakeException(String.format(
"Invalid challenge. Actual: %s. Expected: %s", accept, expectedChallengeResponseString));
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
}
Make WebSocket codec also work when HttpClientCodec and HttpServerCodec is used. Also refactor the handshakers to share more code and make it easier to implement a new one and less error-prone
2013-03-07 10:57:27 +01:00
}
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
Make WebSocket codec also work when HttpClientCodec and HttpServerCodec is used. Also refactor the handshakers to share more code and make it easier to implement a new one and less error-prone
2013-03-07 10:57:27 +01:00
@Override
[#1515] Add WebSocketFrameEncoder and WebSocketFrameDecoder interfaces and let our impls implement it
2013-07-04 06:41:22 +02:00
protected WebSocketFrameDecoder newWebsocketDecoder() {
Added an option to use websockets without masking Motivation: The requirement for the masking of frames and for checks of correct masking in the websocket specifiation have a large impact on performance. While it is mandatory for browsers to use masking there are other applications (like IPC protocols) that want to user websocket framing and proxy-traversing characteristics without the overhead of masking. The websocket standard also mentions that the requirement for mask verification on server side might be dropped in future. Modifications: Added an optional parameter allowMaskMismatch for the websocket decoder that allows a server to also accept unmasked frames (and clients to accept masked frames). Allowed to set this option through the websocket handshaker constructors as well as the websocket client and server handlers. The public API for existing components doesn't change, it will be forwarded to functions which implicetly set masking as required in the specification. For websocket clients an additional parameter is added that allows to disable the masking of frames that are sent by the client. Result: This update gives netty users the ability to create and use completely unmasked websocket connections in addition to the normal masked channels that the standard describes.
2014-10-22 21:59:45 +02:00
return new WebSocket13FrameDecoder(false, allowExtensions, maxFramePayloadLength(), allowMaskMismatch);
Make WebSocket codec also work when HttpClientCodec and HttpServerCodec is used. Also refactor the handshakers to share more code and make it easier to implement a new one and less error-prone
2013-03-07 10:57:27 +01:00
}
Call setHandshakeComplete() before the handler replacement (#332) - Contributed by @normanmaurer
2012-05-31 11:02:02 +02:00
Make WebSocket codec also work when HttpClientCodec and HttpServerCodec is used. Also refactor the handshakers to share more code and make it easier to implement a new one and less error-prone
2013-03-07 10:57:27 +01:00
@Override
[#1515] Add WebSocketFrameEncoder and WebSocketFrameDecoder interfaces and let our impls implement it
2013-07-04 06:41:22 +02:00
protected WebSocketFrameEncoder newWebSocketEncoder() {
Added an option to use websockets without masking Motivation: The requirement for the masking of frames and for checks of correct masking in the websocket specifiation have a large impact on performance. While it is mandatory for browsers to use masking there are other applications (like IPC protocols) that want to user websocket framing and proxy-traversing characteristics without the overhead of masking. The websocket standard also mentions that the requirement for mask verification on server side might be dropped in future. Modifications: Added an optional parameter allowMaskMismatch for the websocket decoder that allows a server to also accept unmasked frames (and clients to accept masked frames). Allowed to set this option through the websocket handshaker constructors as well as the websocket client and server handlers. The public API for existing components doesn't change, it will be forwarded to functions which implicetly set masking as required in the specification. For websocket clients an additional parameter is added that allows to disable the masking of frames that are sent by the client. Result: This update gives netty users the ability to create and use completely unmasked websocket connections in addition to the normal masked channels that the standard describes.
2014-10-22 21:59:45 +02:00
return new WebSocket13FrameEncoder(performMasking);
Change tabs to spaces. Damn you auto code format!
2011-12-15 12:25:40 +01:00
}
WebSocket client handshaker to support "force close" after timeout (#8896) Motivation: RFC 6455 defines that, generally, a WebSocket client should not close a TCP connection as far as a server is the one who's responsible for doing that. In practice tho', it's not always possible to control the server. Server's misbehavior may lead to connections being leaked (if the server does not comply with the RFC). RFC 6455 #7.1.1 says > In abnormal cases (such as not having received a TCP Close from the server after a reasonable amount of time) a client MAY initiate the TCP Close. Modifications: * WebSocket client handshaker additional param `forceCloseAfterMillis` * Use 10 seconds as default Result: WebSocket client handshaker to comply with RFC. Fixes #8883.
2019-04-10 15:25:34 +02:00
@Override
public WebSocketClientHandshaker13 setForceCloseTimeoutMillis(long forceCloseTimeoutMillis) {
super.setForceCloseTimeoutMillis(forceCloseTimeoutMillis);
return this;
}
Use websocket wire protocol version rather than specification version
2011-12-15 06:09:09 +01:00
}
Reference in New Issue Copy Permalink