https://bz.apache.org/bugzilla/show_bug.cgi?id=60617
Bug ID: 60617
Summary: WsWebSocketContainer generates bad CONNECT request when proxy is used
Product: Tomcat 8
Version: 8.5.x-trunk
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: WebSocket
Assignee: dev@tomcat.apache.org
Reporter: svetlin.za...@abv.bg
Target Milestone: ----

Issue Description
===
WsWebSocketContainer generates bad CONNECT request when a proxy is used. The host does not contain port information, hence the app cannot connect to wss:// endpoints. Also some stricter proxy servers may reject requests without port info, thus making WsWebSocketContainer.connectToServer() fail for both ws:// and wss:// endpoints.

Steps to reproduce
===

Prerequisites
---
1. Download Tomcat 8.5.9
2. Configure it to use port 8081
3. Clone g...@github.com:adamfisk/LittleProxy.git
4. Clone MCVE: g...@github.com:SvetlinZarev/websocket-tomcat-bug.git
5. Build (3), (4) -> mvn clean install (you may want to rename the mcve to ROOT)

You can use any other proxy if you already have one.

How to reproduce it
---
1. Start LittleProxy (it defaults to port 8080)
2. Configure Tomcat to use the proxy:
   export CATALINA_OPTS="-Dhttp.proxyHost=localhost -Dhttp.proxyPort=8080 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=8080"
3. Start tomcat: catalina.sh run
4. Request the mcve: http://localhost:8081/ws

Expected behavior
---
You should see:
   Connected. Sending message... Message: Hello World! Disconnected:

Actual behavior
---
An exception is thrown. In case of LittleProxy it is a timeout exception during channel.handshake().get(); In my other case it is a DeploymentException caused by a bad request, because the (stricter) proxy rejected the request because it does not contain port info.

Additional information
---
You can play with the mcve by adding the following request parameters:
* scheme - i.e. ws://, wss://
* server - i.e. echo.websocket.org

Request the mcve with: http://localhost:8081/ws?scheme=wss://&server=echo.websocket.org:443
It will succeed.
Now remove the port from the server string. It will fail.

===
According to rfc2817 section 5.2:

   A CONNECT method requests that a proxy establish a tunnel connection on its behalf. The Request-URI portion of the Request-Line is always an 'authority' as defined by URI Generic Syntax [2], which is to say the host name and port number destination of the requested connection separated by a colon

Also by the never finalized draft https://tools.ietf.org/html/draft-luotonen-web-proxy-tunneling-01#section-3.1:

   The client connects to the proxy server, and uses the CONNECT method to specify the hostname and the port number to connect to. The hostname and port number are separated by a colon, and both of them must be specified
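
Added example, not part of the report and not Tomcat's code: one way a client can derive the host:port authority that RFC 2817 section 5.2 requires when a ws:// or wss:// URI omits the port, together with the kind of check a strict proxy might apply to the request target. Class and method names are hypothetical; the default ports 80 and 443 are the ones RFC 6455 assigns to ws and wss.

```java
import java.net.URI;
import java.util.Locale;

// Added illustration: class and method names are hypothetical, not Tomcat's.
public class ConnectAuthority {

    // Explicit port if the URI has one, otherwise the scheme default (ws 80, wss 443).
    static int effectivePort(URI target) {
        if (target.getPort() != -1) {
            return target.getPort();
        }
        String scheme = String.valueOf(target.getScheme()).toLowerCase(Locale.ROOT);
        switch (scheme) {
            case "ws":  return 80;
            case "wss": return 443;
            default: throw new IllegalArgumentException("Unsupported scheme: " + scheme);
        }
    }

    // CONNECT head whose request target and Host header are both host:port.
    static String connectRequest(URI target) {
        String host = target.getHost(); // IPv6 literals come back bracketed
        if (host == null) {
            throw new IllegalArgumentException("No host in URI: " + target);
        }
        String authority = host + ":" + effectivePort(target);
        return "CONNECT " + authority + " HTTP/1.1\r\nHost: " + authority + "\r\n\r\n";
    }

    // The check a strict proxy applies to the request target: host, colon, port.
    static boolean hasExplicitPort(String requestTarget) {
        return requestTarget.matches("(\\[[0-9A-Fa-f:.]+\\]|[^:\\[\\]]+):\\d{1,5}");
    }

    public static void main(String[] args) {
        // Constructed sample endpoints; echo.websocket.org is the host used in the report.
        String[] samples = {
            "wss://echo.websocket.org", "wss://echo.websocket.org:443",
            "ws://echo.websocket.org/path", "ws://[::1]:8081/ws"
        };
        for (String s : samples) {
            URI uri = URI.create(s);
            String bare = uri.getHost(); // what a port-less CONNECT target looks like
            String fixed = connectRequest(uri).split("\r\n")[0].split(" ")[1];
            System.out.printf("%-32s bare=%b fixed=%b (%s)%n",
                    s, hasExplicitPort(bare), hasExplicitPort(fixed), fixed);
        }
    }
}
```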