Package: poco Version: 1.9.0 Severity: normal Tags: patch upstream According to the RFC 7230 (https://tools.ietf.org/html/rfc7230#section-3.3.2) the response by WebSocket server with the 101 status code MUST NOT contain a Content-Length header field. In versions prior to 1.9.1 of poco the WebSocket implementation set the Content-Length header field to 0 instead breaking compatibility with other implementations, e.g., the .NET.
The bug is fixed in version 1.9.1 or newer of the library (see https://github.com/pocoproject/poco/commit/a32f40ae83007e3f81c80d9c03e8366e33106609) The patch: diff --git a/Net/src/WebSocket.cpp b/Net/src/WebSocket.cpp index 6ed3ffd4e..d25b00ae2 100644 --- a/Net/src/WebSocket.cpp +++ b/Net/src/WebSocket.cpp @@ -153,7 +153,7 @@ WebSocketImpl* WebSocket::accept(HTTPServerRequest& request, HTTPServerResponse& response.set("Upgrade", "websocket"); response.set("Connection", "Upgrade"); response.set("Sec-WebSocket-Accept", computeAccept(key)); - response.setContentLength(0); + response.setContentLength(HTTPResponse::UNKNOWN_CONTENT_LENGTH); response.send().flush(); HTTPServerRequestImpl& requestImpl = static_cast<HTTPServerRequestImpl&>(request); -- System Information: Debian Release: 10.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
