Fixed incorrect Sec-WebSocket-Origin header for v13, see #9134 (#9312)

Motivation:

Based on https://tools.ietf.org/html/rfc6455#section-1.3 - for non-browser
clients, Origin header field may be sent if it makes sense in the context of those clients.

Modification:

Replace Sec-WebSocket-Origin with Origin

Result:

Fixes #9134 .
Andrey Mizurov 2019-07-12 13:05:39 +03:00 committed by Norman Maurer
parent 40228411d7
commit e9fec0a710
5 changed files with 18 additions and 6 deletions


@ -189,7 +189,7 @@ public class WebSocketClientHandshaker13 extends WebSocketClientHandshaker {
* Upgrade: websocket * Upgrade: websocket
* Connection: Upgrade * Connection: Upgrade
* Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== * Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
* Sec-WebSocket-Origin: http://example.com * Origin: http://example.com
* Sec-WebSocket-Protocol: chat, superchat * Sec-WebSocket-Protocol: chat, superchat
* Sec-WebSocket-Version: 13 * Sec-WebSocket-Version: 13
* </pre> * </pre>
@ -225,7 +225,7 @@ public class WebSocketClientHandshaker13 extends WebSocketClientHandshaker {
.set(HttpHeaderNames.CONNECTION, HttpHeaderValues.UPGRADE) .set(HttpHeaderNames.CONNECTION, HttpHeaderValues.UPGRADE)
.set(HttpHeaderNames.SEC_WEBSOCKET_KEY, key) .set(HttpHeaderNames.SEC_WEBSOCKET_KEY, key)
.set(HttpHeaderNames.HOST, websocketHostValue(wsURL)) .set(HttpHeaderNames.HOST, websocketHostValue(wsURL))
.set(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, websocketOriginValue(wsURL)); .set(HttpHeaderNames.ORIGIN, websocketOriginValue(wsURL));
String expectedSubprotocol = expectedSubprotocol(); String expectedSubprotocol = expectedSubprotocol();
if (expectedSubprotocol != null && !expectedSubprotocol.isEmpty()) { if (expectedSubprotocol != null && !expectedSubprotocol.isEmpty()) {
@ -251,7 +251,7 @@ public class WebSocketClientHandshaker13 extends WebSocketClientHandshaker {
* *
* @param response * @param response
* HTTP response returned from the server for the request sent by beginOpeningHandshake00(). * HTTP response returned from the server for the request sent by beginOpeningHandshake00().
* @throws WebSocketHandshakeException * @throws WebSocketHandshakeException if handshake response is invalid.
*/ */
@Override @Override
protected void verify(FullHttpResponse response) { protected void verify(FullHttpResponse response) {
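Review bot: The new `.set(HttpHeaderNames.ORIGIN, websocketOriginValue(wsURL))` in the second hunk replaces any `Origin` already on the request. If caller-supplied custom headers are added before this chain (that part of the method is outside the hunk), an application that sets its own Origin would now have it silently overwritten by one derived from the target URL. Before this change such a header would have survived, because only `Sec-WebSocket-Origin` was written here. Consider guarding the default on the local that holds the request headers, e.g. `if (!headers.contains(HttpHeaderNames.ORIGIN)) { headers.set(HttpHeaderNames.ORIGIN, websocketOriginValue(wsURL)); }`, and stating in the Javadoc that the default Origin is derived from the WebSocket URL. Servers that gate the handshake on Origin should remember that a non-browser client chooses this value freely, so it is not evidence of who the client is.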


@ -115,7 +115,7 @@ public class WebSocketServerHandshaker13 extends WebSocketServerHandshaker {
* Upgrade: websocket * Upgrade: websocket
* Connection: Upgrade * Connection: Upgrade
* Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== * Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
* Sec-WebSocket-Origin: http://example.com * Origin: http://example.com
* Sec-WebSocket-Protocol: chat, superchat * Sec-WebSocket-Protocol: chat, superchat
* Sec-WebSocket-Version: 13 * Sec-WebSocket-Version: 13
* </pre> * </pre>


@ -46,7 +46,7 @@ public class WebSocketClientHandshaker07Test extends WebSocketClientHandshakerTe
HttpHeaderNames.CONNECTION, HttpHeaderNames.CONNECTION,
HttpHeaderNames.SEC_WEBSOCKET_KEY, HttpHeaderNames.SEC_WEBSOCKET_KEY,
HttpHeaderNames.HOST, HttpHeaderNames.HOST,
HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, getOriginHeaderName(),
HttpHeaderNames.SEC_WEBSOCKET_VERSION, HttpHeaderNames.SEC_WEBSOCKET_VERSION,
}; };
} }


@ -15,11 +15,13 @@
*/ */
package io.netty.handler.codec.http.websocketx; package io.netty.handler.codec.http.websocketx;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpHeaders; import io.netty.handler.codec.http.HttpHeaders;
import java.net.URI; import java.net.URI;
public class WebSocketClientHandshaker13Test extends WebSocketClientHandshaker07Test { public class WebSocketClientHandshaker13Test extends WebSocketClientHandshaker07Test {
@Override @Override
protected WebSocketClientHandshaker newHandshaker(URI uri, String subprotocol, HttpHeaders headers, protected WebSocketClientHandshaker newHandshaker(URI uri, String subprotocol, HttpHeaders headers,
boolean absoluteUpgradeUrl) { boolean absoluteUpgradeUrl) {
@ -27,4 +29,10 @@ public class WebSocketClientHandshaker13Test extends WebSocketClientHandshaker07
1024, true, true, 10000, 1024, true, true, 10000,
absoluteUpgradeUrl); absoluteUpgradeUrl);
} }
@Override
protected CharSequence getOriginHeaderName() {
return HttpHeaderNames.ORIGIN;
}
} }


@ -138,7 +138,11 @@ public class WebSocketRequestBuilder {
headers.set(HttpHeaderNames.SEC_WEBSOCKET_KEY, key); headers.set(HttpHeaderNames.SEC_WEBSOCKET_KEY, key);
} }
if (origin != null) { if (origin != null) {
headers.set(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, origin); if (version == WebSocketVersion.V13 || version == WebSocketVersion.V00) {
headers.set(HttpHeaderNames.ORIGIN, origin);
} else {
headers.set(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, origin);
}
} }
if (version != null) { if (version != null) {
headers.set(HttpHeaderNames.SEC_WEBSOCKET_VERSION, version.toHttpHeaderValue()); headers.set(HttpHeaderNames.SEC_WEBSOCKET_VERSION, version.toHttpHeaderValue());
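Review bot: The new branch on `version` has no comment explaining why V00 and V13 send `Origin` while the remaining versions keep `Sec-WebSocket-Origin`. A null `version`, which the following `if (version != null)` shows is possible, also falls silently into the legacy branch. A one-line comment above the inner `if` would make the split deliberate, e.g. `// hybi-07/08 use Sec-WebSocket-Origin; hybi-00 and RFC 6455 (v13) use Origin`. If a null version is meant to default to the legacy header, say so there too. The enclosing method starts and ends outside the hunk.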