From be26f4e00fe1c7aeaec0356f4f16ea643ca2f6da Mon Sep 17 00:00:00 2001
From: Andrey Mizurov
Date: Fri, 12 Jul 2019 13:05:39 +0300
Subject: [PATCH] Fixed incorrect Sec-WebSocket-Origin header for v13, see #9134 (#9312)
Motivation: Based on https://tools.ietf.org/html/rfc6455#section-1.3 - for non-browser clients, Origin header field may be sent if it makes sense in the context of those clients.
Modification: Replace Sec-WebSocket-Origin to Origin
Result: Fixes #9134 .
---
 .../http/websocketx/WebSocketClientHandshaker13.java | 6 +++---
 .../http/websocketx/WebSocketServerHandshaker13.java | 2 +-
 .../http/websocketx/WebSocketClientHandshaker07Test.java | 2 +-
 .../http/websocketx/WebSocketClientHandshaker13Test.java | 8 ++++++++
 .../codec/http/websocketx/WebSocketRequestBuilder.java | 6 +++++-
 5 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13.java b/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13.java
index b3cf60432cc..f0ea38c0d89 100644
--- a/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13.java
+++ b/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13.java
@@ -189,7 +189,7 @@ public WebSocketClientHandshaker13(URI webSocketURL, WebSocketVersion version, S
 * Upgrade: websocket
 * Connection: Upgrade
 * Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
- * Sec-WebSocket-Origin: http://example.com
+ * Origin: http://example.com
 * Sec-WebSocket-Protocol: chat, superchat
 * Sec-WebSocket-Version: 13
 *
@@ -225,7 +225,7 @@ protected FullHttpRequest newHandshakeRequest() {
 .set(HttpHeaderNames.CONNECTION, HttpHeaderValues.UPGRADE)
 .set(HttpHeaderNames.SEC_WEBSOCKET_KEY, key)
 .set(HttpHeaderNames.HOST, websocketHostValue(wsURL))
- .set(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, websocketOriginValue(wsURL));
+ .set(HttpHeaderNames.ORIGIN, websocketOriginValue(wsURL));
 String expectedSubprotocol = expectedSubprotocol();
 if (expectedSubprotocol != null && !expectedSubprotocol.isEmpty()) {
@@ -251,7 +251,7 @@ protected FullHttpRequest newHandshakeRequest() {
 *
 * @param response
 * HTTP response returned from the server for the request sent by beginOpeningHandshake00().
- * @throws WebSocketHandshakeException
+ * @throws WebSocketHandshakeException if handshake response is invalid.
 */
 @Override
 protected void verify(FullHttpResponse response) {
diff --git a/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketServerHandshaker13.java b/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketServerHandshaker13.java
index 79d7b53ebbb..976e48bc526 100644
--- a/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketServerHandshaker13.java
+++ b/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketServerHandshaker13.java
@@ -115,7 +115,7 @@ public WebSocketServerHandshaker13(
 * Upgrade: websocket
 * Connection: Upgrade
 * Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
- * Sec-WebSocket-Origin: http://example.com
+ * Origin: http://example.com
 * Sec-WebSocket-Protocol: chat, superchat
 * Sec-WebSocket-Version: 13
 *
diff --git a/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker07Test.java b/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker07Test.java
index 01acaf92b51..acc10d7c244 100644
--- a/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker07Test.java
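Review bot: The added `.set(HttpHeaderNames.ORIGIN, websocketOriginValue(wsURL))` in newHandshakeRequest() uses `set`, so it replaces any Origin value already on the request and always sends one derived from the target URL. If caller-supplied custom headers are merged before this chain (that part of the method is outside the hunk), a client that has to present a specific Origin to a server enforcing an origin allowlist can no longer do so now that the header carries the standard name. Consider applying the default only when the header is absent, by guarding the call with a `contains(HttpHeaderNames.ORIGIN)` check on the same headers object. The method Javadoc should also state that the default Origin is synthesized from the WebSocket URL.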
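Review bot: The request example in the WebSocketServerHandshaker13 Javadoc now shows `Origin`, but the comment does not say whether the handshaker inspects that header. The diffstat shows this example line is the only change to the file, so as far as this patch shows the header is not validated here. Origin is what a server relies on to refuse cross-site WebSocket connections opened by a browser, so readers need to know who owns that check. After confirming against the handshake code, which is outside the hunk, add a sentence such as `The Origin header is not validated by this handshaker; applications serving browser clients must check it before accepting the upgrade.`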
+++ b/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker07Test.java @@ -46,7 +46,7 @@ protected CharSequence[] getHandshakeHeaderNames() { HttpHeaderNames.CONNECTION, HttpHeaderNames.SEC_WEBSOCKET_KEY, HttpHeaderNames.HOST, - HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, + getOriginHeaderName(), HttpHeaderNames.SEC_WEBSOCKET_VERSION, }; } diff --git a/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13Test.java b/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13Test.java index 9a72e2feb1a..cdd9bd71ba5 100644 --- a/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13Test.java +++ b/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13Test.java @@ -15,11 +15,13 @@ */ package io.netty.handler.codec.http.websocketx; +import io.netty.handler.codec.http.HttpHeaderNames; import io.netty.handler.codec.http.HttpHeaders; import java.net.URI; public class WebSocketClientHandshaker13Test extends WebSocketClientHandshaker07Test { + @Override protected WebSocketClientHandshaker newHandshaker(URI uri, String subprotocol, HttpHeaders headers, boolean absoluteUpgradeUrl) { @@ -27,4 +29,10 @@ protected WebSocketClientHandshaker newHandshaker(URI uri, String subprotocol, H 1024, true, true, 10000, absoluteUpgradeUrl); } + + @Override + protected CharSequence getOriginHeaderName() { + return HttpHeaderNames.ORIGIN; + } + } diff --git a/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketRequestBuilder.java b/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketRequestBuilder.java index fd199b864fb..65ef489edb2 100644 --- a/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketRequestBuilder.java +++ b/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketRequestBuilder.java 
@@ -138,7 +138,11 @@ public FullHttpRequest build() {
 headers.set(HttpHeaderNames.SEC_WEBSOCKET_KEY, key);
 }
 if (origin != null) {
- headers.set(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, origin);
+ if (version == WebSocketVersion.V13 || version == WebSocketVersion.V00) {
+ headers.set(HttpHeaderNames.ORIGIN, origin);
+ } else {
+ headers.set(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, origin);
+ }
 }
 if (version != null) {
 headers.set(HttpHeaderNames.SEC_WEBSOCKET_VERSION, version.toHttpHeaderValue());
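Review bot: A null `version` silently takes the `else` branch and emits `Sec-WebSocket-Origin`, because the new condition in build() only tests for V13 and V00. The `if (version != null)` guard just below shows that an unset version is an expected state for this builder. Tests that build a request without a version will therefore keep exercising the legacy header, which may hide regressions in server-side Origin handling. Make the fallback explicit with a comment on the else branch, for example `// V07/V08 and an unset version keep the draft-era Sec-WebSocket-Origin header`, or decide deliberately which header an unset version should produce. build() starts outside the hunk.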