branch: externals/websocket
commit 5be01c6d1a8e87d001916fc40a77d779826fcacf
Author: Andrew Hyatt <[email protected]>
Commit: Andrew Hyatt <[email protected]>
Accept a common variation of the websocket header.
The Tornado server sends Sec-Websocket-Accept instead of
Sec-WebSocket-Accept.
Accept this variation, but don't accept any arbitrary header case at this
point.
---
websocket-test.el | 19 +++++++++++++------
websocket.el | 8 ++++----
2 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/websocket-test.el b/websocket-test.el
index f6a9c25ffa..f8cbe09657 100644
--- a/websocket-test.el
+++ b/websocket-test.el
@@ -120,25 +120,32 @@
(ert-deftest websocket-verify-headers ()
(let ((accept "Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=")
+ (accept-alt-case "Sec-Websocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=")
(invalid-accept "Sec-WebSocket-Accept: bad")
(upgrade "Upgrade: websocket")
+ (upgrade-alt-case "Upgrade: Websocket")
(connection "Connection: upgrade")
(ws (websocket-inner-create
:conn "fake-conn" :url "ws://foo/bar"
:accept-string "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="))
(ws-with-protocol
(websocket-inner-create
- :conn "fake-conn" :url "ws://foo/bar"
- :accept-string "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="
- :protocols '("myprotocol")))
+ :conn "fake-conn" :url "ws://foo/bar"
+ :accept-string "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="
+ :protocols '("myprotocol")))
(ws-with-extensions
(websocket-inner-create
- :conn "fake-conn" :url "ws://foo/bar"
- :accept-string "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="
- :extensions '("ext1" "ext2"))))
+ :conn "fake-conn" :url "ws://foo/bar"
+ :accept-string "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="
+ :extensions '("ext1" "ext2"))))
(should (websocket-verify-headers
ws
(websocket-test-header-with-lines accept upgrade connection)))
+ ;; Force case sensitivity to make sure we aren't too case sensitive.
+ (let ((case-fold-search nil))
+ (should (websocket-verify-headers
+ ws
+ (websocket-test-header-with-lines accept-alt-case
upgrade-alt-case connection))))
(should-error
(websocket-verify-headers
ws
diff --git a/websocket.el b/websocket.el
index 68e847cf1c..95dd042c9d 100644
--- a/websocket.el
+++ b/websocket.el
@@ -797,10 +797,10 @@ connection is invalid, the connection will be closed."
The output is assumed to have complete headers. This function
will either return t or call `error'. This has the side-effect
of populating the list of server extensions to WEBSOCKET."
- (let ((accept-string
- (concat "Sec-WebSocket-Accept: " (websocket-accept-string
websocket))))
- (websocket-debug websocket "Checking for accept header: %s" accept-string)
- (unless (string-match (regexp-quote accept-string) output)
+ (let ((accept-regexp
+ (concat "Sec-Web[Ss]ocket-Accept: " (regexp-quote
(websocket-accept-string websocket)))))
+ (websocket-debug websocket "Checking for accept header regexp: %s"
accept-regexp)
+ (unless (string-match accept-regexp output)
(signal 'websocket-invalid-header
(list "Incorrect handshake from websocket: is this really a
websocket connection?"))))
(let ((case-fold-search t))
