andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[#5402] sec-websocket-origin should mention HTTPS

Browse Source 
Motivation:

When HTTPS is used we should use https in the sec-websocket-origin / origin header

Modifications:

- Correctly generate the sec-websocket-origin / origin header
- Add unit tests.

Result:

Generate correct header.
This commit is contained in:
Norman Maurer 2016-06-16 21:22:15 +02:00
parent cad22bb3cf
commit 527a2a693b
8 changed files with 85 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker.java
View File

@ -443,4 +443,26 @@ public abstract class WebSocketClientHandshaker {
return path == null || path.isEmpty() ? "/" : path;
}
static int websocketPort(URI wsURL) {
// Format request
int wsPort = wsURL.getPort();
// check if the URI contained a port if not set the correct one depending on the schema.
// See https://github.com/netty/netty/pull/1558
if (wsPort == -1) {
return "wss".equals(wsURL.getScheme()) ? 443 : 80;
}
return wsPort;
}
static CharSequence websocketOriginValue(String host, int wsPort) {
String originValue = (wsPort == 443 ?
"https" : "http") + "://" + host;
if (wsPort != 80 && wsPort != 443) {
// if the port is not standard (80/443) its needed to add the port to the header.
// See http://tools.ietf.org/html/rfc6454#section-6.2
return originValue + ':' + wsPort;
}
return originValue;
}
}

23
codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker00.java
View File

@ -124,25 +124,18 @@ public class WebSocketClientHandshaker00 extends WebSocketClientHandshaker {
// Get path
URI wsURL = uri();
String path = rawPath(wsURL);
int wsPort = websocketPort(wsURL);
String host = wsURL.getHost();
// Format request
FullHttpRequest request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, path);
HttpHeaders headers = request.headers();
headers.add(Names.UPGRADE, Values.WEBSOCKET)
.add(Names.CONNECTION, Values.UPGRADE)
.add(Names.HOST, wsURL.getHost());
int wsPort = wsURL.getPort();
String originValue = "http://" + wsURL.getHost();
if (wsPort != 80 && wsPort != 443) {
// if the port is not standard (80/443) its needed to add the port to the header.
// See http://tools.ietf.org/html/rfc6454#section-6.2
originValue = originValue + ':' + wsPort;
}
headers.add(Names.ORIGIN, originValue)
.add(Names.SEC_WEBSOCKET_KEY1, key1)
.add(Names.SEC_WEBSOCKET_KEY2, key2);
headers.add(HttpHeaders.Names.UPGRADE, HttpHeaders.Values.WEBSOCKET)
.add(HttpHeaders.Names.CONNECTION, HttpHeaders.Values.UPGRADE)
.add(HttpHeaders.Names.HOST, host)
.add(HttpHeaders.Names.ORIGIN, websocketOriginValue(host, wsPort))
.add(HttpHeaders.Names.SEC_WEBSOCKET_KEY1, key1)
.add(HttpHeaders.Names.SEC_WEBSOCKET_KEY2, key2);
String expectedSubprotocol = expectedSubprotocol();
if (expectedSubprotocol != null && !expectedSubprotocol.isEmpty()) {

22
codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker07.java
View File

@ -108,23 +108,17 @@ public class WebSocketClientHandshaker07 extends WebSocketClientHandshaker {
key, expectedChallengeResponseString);
}
int wsPort = websocketPort(wsURL);
String host = wsURL.getHost();
// Format request
FullHttpRequest request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, path);
HttpHeaders headers = request.headers();
headers.add(Names.UPGRADE, Values.WEBSOCKET.toLowerCase())
.add(Names.CONNECTION, Values.UPGRADE)
.add(Names.SEC_WEBSOCKET_KEY, key)
.add(Names.HOST, wsURL.getHost());
int wsPort = wsURL.getPort();
String originValue = "http://" + wsURL.getHost();
if (wsPort != 80 && wsPort != 443) {
// if the port is not standard (80/443) its needed to add the port to the header.
// See http://tools.ietf.org/html/rfc6454#section-6.2
originValue = originValue + ':' + wsPort;
}
headers.add(Names.SEC_WEBSOCKET_ORIGIN, originValue);
headers.add(HttpHeaders.Names.UPGRADE, HttpHeaders.Values.WEBSOCKET)
.add(HttpHeaders.Names.CONNECTION, HttpHeaders.Values.UPGRADE)
.add(HttpHeaders.Names.SEC_WEBSOCKET_KEY, key)
.add(HttpHeaders.Names.HOST, host)
.add(HttpHeaders.Names.SEC_WEBSOCKET_ORIGIN, websocketOriginValue(host, wsPort));
String expectedSubprotocol = expectedSubprotocol();
if (expectedSubprotocol != null && !expectedSubprotocol.isEmpty()) {

22
codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker08.java
View File

@ -108,23 +108,17 @@ public class WebSocketClientHandshaker08 extends WebSocketClientHandshaker {
key, expectedChallengeResponseString);
}
int wsPort = websocketPort(wsURL);
String host = wsURL.getHost();
// Format request
FullHttpRequest request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, path);
HttpHeaders headers = request.headers();
headers.add(Names.UPGRADE, Values.WEBSOCKET.toLowerCase())
.add(Names.CONNECTION, Values.UPGRADE)
.add(Names.SEC_WEBSOCKET_KEY, key)
.add(Names.HOST, wsURL.getHost());
int wsPort = wsURL.getPort();
String originValue = "http://" + wsURL.getHost();
if (wsPort != 80 && wsPort != 443) {
// if the port is not standard (80/443) its needed to add the port to the header.
// See http://tools.ietf.org/html/rfc6454#section-6.2
originValue = originValue + ':' + wsPort;
}
headers.add(Names.SEC_WEBSOCKET_ORIGIN, originValue);
headers.add(HttpHeaders.Names.UPGRADE, HttpHeaders.Values.WEBSOCKET)
.add(HttpHeaders.Names.CONNECTION, HttpHeaders.Values.UPGRADE)
.add(HttpHeaders.Names.SEC_WEBSOCKET_KEY, key)
.add(HttpHeaders.Names.HOST, host)
.add(HttpHeaders.Names.SEC_WEBSOCKET_ORIGIN, websocketOriginValue(host, wsPort));
String expectedSubprotocol = expectedSubprotocol();
if (expectedSubprotocol != null && !expectedSubprotocol.isEmpty()) {

31
codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13.java
View File

@ -109,32 +109,15 @@ public class WebSocketClientHandshaker13 extends WebSocketClientHandshaker {
}
// Format request
int wsPort = wsURL.getPort();
// check if the URI contained a port if not set the correct one depending on the schema.
// See https://github.com/netty/netty/pull/1558
if (wsPort == -1) {
if ("wss".equals(wsURL.getScheme())) {
wsPort = 443;
} else {
wsPort = 80;
}
}
int wsPort = websocketPort(wsURL);
String host = wsURL.getHost();
FullHttpRequest request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, path);
HttpHeaders headers = request.headers();
headers.add(Names.UPGRADE, Values.WEBSOCKET.toLowerCase())
.add(Names.CONNECTION, Values.UPGRADE)
.add(Names.SEC_WEBSOCKET_KEY, key)
.add(Names.HOST, wsURL.getHost() + ':' + wsPort);
String originValue = "http://" + wsURL.getHost();
if (wsPort != 80 && wsPort != 443) {
// if the port is not standard (80/443) its needed to add the port to the header.
// See http://tools.ietf.org/html/rfc6454#section-6.2
originValue = originValue + ':' + wsPort;
}
headers.add(Names.SEC_WEBSOCKET_ORIGIN, originValue);
headers.add(HttpHeaders.Names.UPGRADE, HttpHeaders.Values.WEBSOCKET)
.add(HttpHeaders.Names.CONNECTION, HttpHeaders.Values.UPGRADE)
.add(HttpHeaders.Names.SEC_WEBSOCKET_KEY, key)
.add(HttpHeaders.Names.HOST, host + ':' + wsPort)
.add(HttpHeaders.Names.SEC_WEBSOCKET_ORIGIN, websocketOriginValue(host, wsPort));
String expectedSubprotocol = expectedSubprotocol();
if (expectedSubprotocol != null && !expectedSubprotocol.isEmpty()) {

30
codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker07Test.java
View File

@ -15,11 +15,41 @@
*/
package io.netty.handler.codec.http.websocketx;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.HttpHeaders;
import org.junit.Test;
import java.net.URI;
import static org.junit.Assert.assertEquals;
public class WebSocketClientHandshaker07Test extends WebSocketClientHandshakerTest {
@Override
protected WebSocketClientHandshaker newHandshaker(URI uri) {
return new WebSocketClientHandshaker07(uri, WebSocketVersion.V07, null, false, null, 1024);
}
@Test
public void testSecOriginWss() {
URI uri = URI.create("wss://localhost/path%20with%20ws");
WebSocketClientHandshaker handshaker = newHandshaker(uri);
FullHttpRequest request = handshaker.newHandshakeRequest();
try {
assertEquals("https://localhost", request.headers().get(HttpHeaders.Names.SEC_WEBSOCKET_ORIGIN));
} finally {
request.release();
}
}
@Test
public void testSecOriginWs() {
URI uri = URI.create("ws://localhost/path%20with%20ws");
WebSocketClientHandshaker handshaker = newHandshaker(uri);
FullHttpRequest request = handshaker.newHandshakeRequest();
try {
assertEquals("http://localhost", request.headers().get(HttpHeaders.Names.SEC_WEBSOCKET_ORIGIN));
} finally {
request.release();
}
}
}

2
codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker08Test.java
View File

@ -17,7 +17,7 @@ package io.netty.handler.codec.http.websocketx;
import java.net.URI;
public class WebSocketClientHandshaker08Test extends WebSocketClientHandshakerTest {
public class WebSocketClientHandshaker08Test extends WebSocketClientHandshaker07Test {
@Override
protected WebSocketClientHandshaker newHandshaker(URI uri) {
return new WebSocketClientHandshaker07(uri, WebSocketVersion.V08, null, false, null, 1024);

2
codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13Test.java
View File

@ -17,7 +17,7 @@ package io.netty.handler.codec.http.websocketx;
import java.net.URI;
public class WebSocketClientHandshaker13Test extends WebSocketClientHandshakerTest {
public class WebSocketClientHandshaker13Test extends WebSocketClientHandshaker07Test {
@Override
protected WebSocketClientHandshaker newHandshaker(URI uri) {
return new WebSocketClientHandshaker13(uri, WebSocketVersion.V13, null, false, null, 1024);