[#5402] sec-websocket-origin should mention HTTPS
Motivation:

When HTTPS is used we should use https in the sec-websocket-origin / origin header

Modifications:

- Correctly generate the sec-websocket-origin / origin header
- Add unit tests.

Result:

Generate correct header.
normanmaurer committed Jun 20, 2016
1 parent 3288cac commit 16be36a
Showing 8 changed files with 73 additions and 53 deletions.
Expand Up @@ -32,6 +32,7 @@
import io.netty.handler.codec.http.HttpRequestEncoder;
import io.netty.handler.codec.http.HttpResponse;
import io.netty.handler.codec.http.HttpResponseDecoder;
import io.netty.handler.codec.http.HttpScheme;
import io.netty.util.ReferenceCountUtil;
import io.netty.util.internal.EmptyArrays;
import io.netty.util.internal.StringUtil;
Expand Down Expand Up @@ -444,4 +445,26 @@ static String rawPath(URI wsURL) {

return path == null || path.isEmpty() ? "/" : path;
}

static int websocketPort(URI wsURL) {
// Format request
int wsPort = wsURL.getPort();
// check if the URI contained a port if not set the correct one depending on the schema.
// See https://github.com/netty/netty/pull/1558
if (wsPort == -1) {
return "wss".equals(wsURL.getScheme()) ? HttpScheme.HTTPS.port() : HttpScheme.HTTP.port();
}
return wsPort;
}

static CharSequence websocketOriginValue(String host, int wsPort) {
String originValue = (wsPort == HttpScheme.HTTPS.port() ?
HttpScheme.HTTPS.name() : HttpScheme.HTTP.name()) + "://" + host;
if (wsPort != HttpScheme.HTTP.port() && wsPort != HttpScheme.HTTPS.port()) {
// if the port is not standard (80/443) its needed to add the port to the header.
// See http://tools.ietf.org/html/rfc6454#section-6.2
return originValue + ':' + wsPort;
}
return originValue;
}
}
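Review bot: `websocketOriginValue` chooses the scheme from the port (`wsPort == HttpScheme.HTTPS.port()`) rather than from the URI, so a `wss` URI on any port other than 443 yields an `http://host:port` origin, and a `ws` URI on port 443 yields `https://`. A server that checks Origin / Sec-WebSocket-Origin against an allowlist would then see the wrong origin for those clients. The helper should take the scheme from `wsURL.getScheme()` and omit the port only when it equals that scheme's default, with the `newHandshakeRequest()` callers passing the URI instead of `host, wsPort`. The `"wss".equals(...)` check in `websocketPort` is also case-sensitive, so a URI written with an upper-case scheme would fall back to port 80; `equalsIgnoreCase` avoids that.

```java
static CharSequence websocketOriginValue(URI wsURL) {
    // Derive the scheme from the URI itself; the port says nothing about whether TLS is in use.
    HttpScheme scheme = "wss".equalsIgnoreCase(wsURL.getScheme()) ? HttpScheme.HTTPS : HttpScheme.HTTP;
    int wsPort = websocketPort(wsURL);
    String originValue = scheme.name() + "://" + wsURL.getHost();
    // Only the default port of the chosen scheme may be left out.
    // See http://tools.ietf.org/html/rfc6454#section-6.2
    return wsPort == scheme.port() ? originValue : originValue + ':' + wsPort;
}
```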
Expand Up @@ -127,23 +127,16 @@ protected FullHttpRequest newHandshakeRequest() {
// Get path
URI wsURL = uri();
String path = rawPath(wsURL);
int wsPort = websocketPort(wsURL);
String host = wsURL.getHost();

// Format request
FullHttpRequest request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, path);
HttpHeaders headers = request.headers();
headers.add(HttpHeaderNames.UPGRADE, WEBSOCKET)
.add(HttpHeaderNames.CONNECTION, HttpHeaderValues.UPGRADE)
.add(HttpHeaderNames.HOST, wsURL.getHost());

int wsPort = wsURL.getPort();
String originValue = "http://" + wsURL.getHost();
if (wsPort != 80 && wsPort != 443) {
// if the port is not standard (80/443) its needed to add the port to the header.
// See http://tools.ietf.org/html/rfc6454#section-6.2
originValue = originValue + ':' + wsPort;
}

headers.add(HttpHeaderNames.ORIGIN, originValue)
.add(HttpHeaderNames.HOST, host)
.add(HttpHeaderNames.ORIGIN, websocketOriginValue(host, wsPort))
.add(HttpHeaderNames.SEC_WEBSOCKET_KEY1, key1)
.add(HttpHeaderNames.SEC_WEBSOCKET_KEY2, key2);

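Review bot: The Host header is set to `host` alone, so a handshake to a non-default port sends a Host value without the port even though `wsPort` is already computed in the same method. The same applies to the `.add(HttpHeaderNames.HOST, host)` lines in the next two file sections, while the last handshaker section sends `host + ':' + wsPort`. Using `.add(HttpHeaderNames.HOST, host + ':' + wsPort)` here as well would keep the four handshakers consistent and let servers and proxies that route or validate on Host see the authority the client actually connected to. `wsURL.getHost()` can also return null when the URI has no host component, which would put the literal text `null` into the origin value; a check before building the request would catch that. `newHandshakeRequest()` starts and ends outside the visible lines.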
Expand Up @@ -141,23 +141,18 @@ protected FullHttpRequest newHandshakeRequest() {
key, expectedChallengeResponseString);
}

int wsPort = websocketPort(wsURL);
String host = wsURL.getHost();

// Format request
FullHttpRequest request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, path);
HttpHeaders headers = request.headers();

headers.add(HttpHeaderNames.UPGRADE, HttpHeaderValues.WEBSOCKET)
.add(HttpHeaderNames.CONNECTION, HttpHeaderValues.UPGRADE)
.add(HttpHeaderNames.SEC_WEBSOCKET_KEY, key)
.add(HttpHeaderNames.HOST, wsURL.getHost());

int wsPort = wsURL.getPort();
String originValue = "http://" + wsURL.getHost();
if (wsPort != 80 && wsPort != 443) {
// if the port is not standard (80/443) its needed to add the port to the header.
// See http://tools.ietf.org/html/rfc6454#section-6.2
originValue = originValue + ':' + wsPort;
}
headers.add(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, originValue);
.add(HttpHeaderNames.HOST, host)
.add(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, websocketOriginValue(host, wsPort));

String expectedSubprotocol = expectedSubprotocol();
if (expectedSubprotocol != null && !expectedSubprotocol.isEmpty()) {
Expand Up @@ -142,23 +142,18 @@ protected FullHttpRequest newHandshakeRequest() {
key, expectedChallengeResponseString);
}

int wsPort = websocketPort(wsURL);
String host = wsURL.getHost();

// Format request
FullHttpRequest request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, path);
HttpHeaders headers = request.headers();

headers.add(HttpHeaderNames.UPGRADE, HttpHeaderValues.WEBSOCKET)
.add(HttpHeaderNames.CONNECTION, HttpHeaderValues.UPGRADE)
.add(HttpHeaderNames.SEC_WEBSOCKET_KEY, key)
.add(HttpHeaderNames.HOST, wsURL.getHost());

int wsPort = wsURL.getPort();
String originValue = "http://" + wsURL.getHost();
if (wsPort != 80 && wsPort != 443) {
// if the port is not standard (80/443) its needed to add the port to the header.
// See http://tools.ietf.org/html/rfc6454#section-6.2
originValue = originValue + ':' + wsPort;
}
headers.add(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, originValue);
.add(HttpHeaderNames.HOST, host)
.add(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, websocketOriginValue(host, wsPort));

String expectedSubprotocol = expectedSubprotocol();
if (expectedSubprotocol != null && !expectedSubprotocol.isEmpty()) {
Expand Up @@ -143,32 +143,16 @@ protected FullHttpRequest newHandshakeRequest() {
}

// Format request
int wsPort = wsURL.getPort();
// check if the URI contained a port if not set the correct one depending on the schema.
// See https://github.com/netty/netty/pull/1558
if (wsPort == -1) {
if ("wss".equals(wsURL.getScheme())) {
wsPort = 443;
} else {
wsPort = 80;
}
}

int wsPort = websocketPort(wsURL);
String host = wsURL.getHost();
FullHttpRequest request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, path);
HttpHeaders headers = request.headers();

headers.add(HttpHeaderNames.UPGRADE, HttpHeaderValues.WEBSOCKET)
.add(HttpHeaderNames.CONNECTION, HttpHeaderValues.UPGRADE)
.add(HttpHeaderNames.SEC_WEBSOCKET_KEY, key)
.add(HttpHeaderNames.HOST, wsURL.getHost() + ':' + wsPort);

String originValue = "http://" + wsURL.getHost();
if (wsPort != 80 && wsPort != 443) {
// if the port is not standard (80/443) its needed to add the port to the header.
// See http://tools.ietf.org/html/rfc6454#section-6.2
originValue = originValue + ':' + wsPort;
}
headers.add(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, originValue);
.add(HttpHeaderNames.HOST, host + ':' + wsPort)
.add(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, websocketOriginValue(host, wsPort));

String expectedSubprotocol = expectedSubprotocol();
if (expectedSubprotocol != null && !expectedSubprotocol.isEmpty()) {
Expand Up @@ -15,11 +15,41 @@
*/
package io.netty.handler.codec.http.websocketx;

import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.HttpHeaderNames;
import org.junit.Test;

import java.net.URI;

import static org.junit.Assert.assertEquals;

public class WebSocketClientHandshaker07Test extends WebSocketClientHandshakerTest {
@Override
protected WebSocketClientHandshaker newHandshaker(URI uri) {
return new WebSocketClientHandshaker07(uri, WebSocketVersion.V07, null, false, null, 1024);
}

@Test
public void testSecOriginWss() {
URI uri = URI.create("wss://localhost/path%20with%20ws");
WebSocketClientHandshaker handshaker = newHandshaker(uri);
FullHttpRequest request = handshaker.newHandshakeRequest();
try {
assertEquals("https://localhost", request.headers().get(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN));
} finally {
request.release();
}
}

@Test
public void testSecOriginWs() {
URI uri = URI.create("ws://localhost/path%20with%20ws");
WebSocketClientHandshaker handshaker = newHandshaker(uri);
FullHttpRequest request = handshaker.newHandshakeRequest();
try {
assertEquals("http://localhost", request.headers().get(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN));
} finally {
request.release();
}
}
}
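Review bot: Both tests use URIs without an explicit port, so the branch of `websocketOriginValue` that appends `':' + wsPort` is never exercised, and nothing pins which scheme is emitted for `wss` on a non-default port. Explicit-port cases for both schemes would cover that; the `wss` case below asserts the origin a TLS connection should present, so it is expected to fail for as long as the scheme is derived from the port. No test for the `Origin` header of the 00 handshaker is visible in this commit either. The port numbers in the sketch are sample values.

```java
@Test
public void testSecOriginWsNonDefaultPort() {
    assertSecOrigin("ws://localhost:8080/path%20with%20ws", "http://localhost:8080");
}

@Test
public void testSecOriginWssNonDefaultPort() {
    assertSecOrigin("wss://localhost:8443/path%20with%20ws", "https://localhost:8443");
}

private void assertSecOrigin(String uri, String expectedOrigin) {
    FullHttpRequest request = newHandshaker(URI.create(uri)).newHandshakeRequest();
    try {
        assertEquals(expectedOrigin, request.headers().get(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN));
    } finally {
        request.release();
    }
}
```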
Expand Up @@ -17,7 +17,7 @@

import java.net.URI;

public class WebSocketClientHandshaker08Test extends WebSocketClientHandshakerTest {
public class WebSocketClientHandshaker08Test extends WebSocketClientHandshaker07Test {
@Override
protected WebSocketClientHandshaker newHandshaker(URI uri) {
return new WebSocketClientHandshaker07(uri, WebSocketVersion.V08, null, false, null, 1024);
Expand Up @@ -17,7 +17,7 @@

import java.net.URI;

public class WebSocketClientHandshaker13Test extends WebSocketClientHandshakerTest {
public class WebSocketClientHandshaker13Test extends WebSocketClientHandshaker07Test {
@Override
protected WebSocketClientHandshaker newHandshaker(URI uri) {
return new WebSocketClientHandshaker13(uri, WebSocketVersion.V13, null, false, null, 1024);
