New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bugfix #9673: Origin header is always sent from WebSocket client #9692
Bugfix #9673: Origin header is always sent from WebSocket client #9692
Conversation
Can one of the admins verify this patch? |
@normanmaurer, @trustin, @vietj, @slandelle |
@slandelle @vietj any idea ? |
hi, guys. yet another 2 weeks have passed... |
@ursaj can you link me to the details in the spec ? |
https://tools.ietf.org/html/rfc6455
|
The same is valid for draft versions of WebSocket protocol, e.g.:
|
/cc @amizurov |
@ursaj sorry for the slow turn around |
Those who need 'Origin' or 'Sec-WebSocket-Origin' headers should provide them explicitly, like it is stated in WebSocket specs. E.g. through custom headers: HttpHeaders customHeaders = new DefaultHttpHeaders() .add(HttpHeaderNames.ORIGIN, "http://localhost:8080"); new WebSocketClientProtocolHandler( new URI("ws://localhost:1234/test"), WebSocketVersion.V13, subprotocol, allowExtensions, customHeaders, maxFramePayloadLength, handshakeTimeoutMillis) * Remove enforced origin headers. * Update tests Fixes #9673: Origin header is always sent from WebSocket client
obstacles (slow turn around) are not so important, when job is done =) |
Sorry I need to revert this as it needs more thoughts. |
…t client (netty#9692)" This reverts commit f48d9fa as it needs more thoughts
Motivation:
Those who need 'Origin' or 'Sec-WebSocket-Origin' headers should provide them explicitly, like it is stated in WebSocket specs.
E.g. through custom headers:
Modification:
Result:
Fixes #9673: Origin header is always sent from WebSocket client