Check websocket upgrade headers case independently (#105)
Erik Corry authored Jul 21, 2023
1 parent ab3ce15 commit aabac63
Showing 2 changed files with 9 additions and 9 deletions.
15 changes: 8 additions & 7 deletions src/web_socket.toit
@@ -245,7 +245,7 @@ class WebSocket:
// The WebSocket nonce is not very important and does not need to be
// cryptographically random.
nonce := base64.encode (ByteArray 16: random 0x100)
headers.add "Connection" "upgrade"
headers.add "Connection" "Upgrade"
headers.add "Upgrade" "websocket"
headers.add "Sec-WebSocket-Key" nonce
headers.add "Sec-WebSocket-Version" "13"
@@ -278,14 +278,15 @@ class WebSocket:
version_header := request.headers.single "Sec-WebSocket-Version"
nonce := request.headers.single "Sec-WebSocket-Key"
message := null
if nonce == null: message = "No nonce"
else if nonce.size != 24: message = "Bad nonce size"
else if connection_header != "upgrade": message = "No Connection: upgrade"
else if upgrade_header != "websocket": message = "No Upgrade: websocket"
else if version_header != "13": message = "Unrecognized Websocket version"
if nonce == null: message = "No nonce"
else if nonce.size != 24: message = "Bad nonce size"
else if not connection_header or not upgrade_header: message = "No upgrade headers"
else if (Headers.ascii_normalize_ connection_header) != "Upgrade": message = "No Connection: Upgrade"
else if (Headers.ascii_normalize_ upgrade_header) != "Websocket": message = "No Upgrade: websocket"
else if version_header != "13": message = "Unrecognized Websocket version"
else:
response_writer.headers.add "Sec-WebSocket-Accept" (response_ nonce)
response_writer.headers.add "Connection" "upgrade"
response_writer.headers.add "Connection" "Upgrade"
response_writer.headers.add "Upgrade" "websocket"
return nonce
response_writer.write_headers STATUS_BAD_REQUEST --message=message
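Review bot: The new Connection check, `(Headers.ascii_normalize_ connection_header) != "Upgrade"`, still compares the whole header value, so a handshake whose Connection header carries a token list such as `keep-alive, Upgrade` gets the 400 response even though RFC 6455 only requires the field to include the `Upgrade` token. Splitting the value on commas, trimming each token and comparing it case-insensitively would accept those clients without loosening the check. `ascii_normalize_` is a private helper whose body is not shown here and was presumably written for header names; if it stays in use on values, a comment such as `// Header values are normalized only so the comparison ignores case.` plus a test with `UPGRADE` and `WebSocket` would pin the intent. The enclosing method starts and ends outside the hunk.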
3 changes: 1 addition & 2 deletions tests/google_test.toit
@@ -12,8 +12,7 @@ main:
security_store := http.SecurityStoreInMemory
client := http.Client.tls network
--security_store=security_store
--root_certificates=[certificate_roots.GLOBALSIGN_ROOT_CA,
certificate_roots.GTS_ROOT_R1]
--root_certificates=[certificate_roots.GTS_ROOT_R1]
response := client.get "script.google.com" "/"
while data := response.body.read:
response = client.get "www.google.com" "/"
