[minor] Prevent opening handshake headers from being overridden

Ensure that the `Connection`, `Sec-WebSocket-Key`, `Sec-WebSocket-Version`, and `Upgrade` headers are not overridden. Refs: #2048 (comment)
websockets · Jun 20, 2022 · 3b6af82 · 3b6af82
1 parent 982b782
commit 3b6af82
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/lib/websocket.js b/lib/websocket.js
@@ -713,11 +713,11 @@ function initAsClient(websocket, address, protocols, options) {
     ? parsedUrl.hostname.slice(1, -1)
     : parsedUrl.hostname;
   opts.headers = {
+    ...opts.headers,
     'Sec-WebSocket-Version': opts.protocolVersion,
     'Sec-WebSocket-Key': key,
     Connection: 'Upgrade',
-    Upgrade: 'websocket',
-    ...opts.headers
+    Upgrade: 'websocket'
   };
   opts.path = parsedUrl.pathname + parsedUrl.search;
   opts.timeout = opts.handshakeTimeout;