From 536376a43ac23c67908266b03a85e76b78251fdc Mon Sep 17 00:00:00 2001 From: David Estes Date: Wed, 8 May 2019 09:40:06 -0400 Subject: [PATCH] Removes Sec-WebSocket-Origin From Websocket HS Sec-WebSocket-Origin is a Server to Client handshake not a Client to Server handshake header per the websocket RFC specification. This Resolves Issue #9134 --- .../codec/http/websocketx/WebSocketClientHandshaker13.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13.java b/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13.java index a96683f2d11..7696df0b719 100644 --- a/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13.java +++ b/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13.java @@ -151,7 +151,6 @@ public WebSocketClientHandshaker13(URI webSocketURL, WebSocketVersion version, S * Upgrade: websocket * Connection: Upgrade * Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== - * Sec-WebSocket-Origin: http://example.com * Sec-WebSocket-Protocol: chat, superchat * Sec-WebSocket-Version: 13 * @@ -188,8 +187,7 @@ protected FullHttpRequest newHandshakeRequest() { headers.set(HttpHeaderNames.UPGRADE, HttpHeaderValues.WEBSOCKET) .set(HttpHeaderNames.CONNECTION, HttpHeaderValues.UPGRADE) .set(HttpHeaderNames.SEC_WEBSOCKET_KEY, key) - .set(HttpHeaderNames.HOST, websocketHostValue(wsURL)) - .set(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, websocketOriginValue(wsURL)); + .set(HttpHeaderNames.HOST, websocketHostValue(wsURL)); String expectedSubprotocol = expectedSubprotocol(); if (expectedSubprotocol != null && !expectedSubprotocol.isEmpty()) {