Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WebSocketClientHandshaker13 Invalid Handshake #9134

Closed
davydotcom opened this issue May 7, 2019 · 5 comments · Fixed by #9312
Closed

WebSocketClientHandshaker13 Invalid Handshake #9134

davydotcom opened this issue May 7, 2019 · 5 comments · Fixed by #9312
Milestone
4.1.38.Final

Comments

@davydotcom
Copy link

Expected behavior

Origin Header should be sent on handshake

Actual behavior

Sec-WebSocket-Origin Header is sent instead which is not a client handshake but rather a server to client origin handshake per the Specification
@normanmaurer
Copy link
Member

@davydotcom do you have a reproducer ?

@davydotcom
Copy link
Author

davydotcom commented May 8, 2019 via email

@normanmaurer
Copy link
Member

normanmaurer commented May 8, 2019 via email

davydotcom added a commit to davydotcom/netty that referenced this issue May 8, 2019
@davydotcom
Removes Sec-WebSocket-Origin From Websocket HS
536376a 
Sec-WebSocket-Origin is a Server to Client handshake not a Client to Server handshake header per the websocket RFC specification. This Resolves Issue netty#9134
@davydotcom davydotcom mentioned this issue May 8, 2019
Closed
amizurov added a commit to amizurov/netty that referenced this issue Jul 1, 2019
@amizurov
Fixed incorrect Sec-WebSocket-Origin header for v13, see netty#9134
53fca75
@amizurov amizurov mentioned this issue Jul 1, 2019
Merged
normanmaurer pushed a commit that referenced this issue Jul 12, 2019
@amizurov @normanmaurer
Fixed incorrect Sec-WebSocket-Origin header for v13, see #9134 (#9312)
be26f4e 
Motivation:

Based on https://tools.ietf.org/html/rfc6455#section-1.3 - for non-browser
clients, Origin header field may be sent if it makes sense in the context of those clients.

Modification:

Replace Sec-WebSocket-Origin to Origin

Result:

Fixes #9134 .
@normanmaurer normanmaurer added this to the 4.1.38.Final milestone Jul 12, 2019
normanmaurer pushed a commit that referenced this issue Jul 12, 2019
@amizurov @normanmaurer
Fixed incorrect Sec-WebSocket-Origin header for v13, see #9134 (#9312)
e9fec0a 
Motivation:

Based on https://tools.ietf.org/html/rfc6455#section-1.3 - for non-browser
clients, Origin header field may be sent if it makes sense in the context of those clients.

Modification:

Replace Sec-WebSocket-Origin to Origin

Result:

Fixes #9134 .
@marci74
Copy link

marci74 commented Aug 8, 2019
edited

We use Netty through Vert.x for a proxy application. For some of our websocket tests we modify the "origin" header of the client requests. This does not work anymore due to the changes here. Also we need to pass the "origin" header downstream. This is not possible anymore and we are stuck here. Maybe you can change the behaviour and set the "origin" header only if it is not already present?

@marci74
Copy link

marci74 commented Aug 8, 2019

Resolved in #9435. Sorry for the duplicate comment.

@tmsimont tmsimont mentioned this issue Jul 17, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
4.1.38.Final
Development

Successfully merging a pull request may close this issue.

Fixed incorrect Sec-WebSocket-Origin header for v13, see #9134 amizurov/netty
3 participants
@davydotcom @normanmaurer @marci74