fix(ext/http): allow multiple values in upgrade header for websocket (#12551)

Co-authored-by: Aaron O'Mullan <aaron.omullan@gmail.com>

3 files changed, 19 insertions, 12 deletions

diff --git a/cli/tests/unit/http_test.ts b/cli/tests/unit/http_test.ts
index 080b94a1d..d947282db 100644
--- a/cli/tests/unit/http_test.ts
+++ b/cli/tests/unit/http_test.ts
@@ -726,10 +726,10 @@ unitTest(function httpUpgradeWebSocket() {
   );
 });
 
-unitTest(function httpUpgradeWebSocketLowercaseUpgradeHeader() {
+unitTest(function httpUpgradeWebSocketMultipleConnectionOptions() {
   const request = new Request("https://deno.land/", {
     headers: {
-      connection: "upgrade",
+      connection: "keep-alive, upgrade",
       upgrade: "websocket",
       "sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==",
     },
@@ -738,11 +738,11 @@ unitTest(function httpUpgradeWebSocketLowercaseUpgradeHeader() {
   assertEquals(response.status, 101);
 });
 
-unitTest(function httpUpgradeWebSocketMultipleConnectionOptions() {
+unitTest(function httpUpgradeWebSocketMultipleUpgradeOptions() {
   const request = new Request("https://deno.land/", {
     headers: {
-      connection: "keep-alive, upgrade",
-      upgrade: "websocket",
+      connection: "upgrade",
+      upgrade: "websocket, foo",
       "sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==",
     },
   });
@@ -754,7 +754,7 @@ unitTest(function httpUpgradeWebSocketCaseInsensitiveUpgradeHeader() {
   const request = new Request("https://deno.land/", {
     headers: {
       connection: "upgrade",
-      upgrade: "websocket",
+      upgrade: "Websocket",
       "sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==",
     },
   });
@@ -775,7 +775,7 @@ unitTest(function httpUpgradeWebSocketInvalidUpgradeHeader() {
       Deno.upgradeWebSocket(request);
     },
     TypeError,
-    "Invalid Header: 'upgrade' header must be 'websocket'",
+    "Invalid Header: 'upgrade' header must contain 'websocket'",
   );
 });
 
@@ -791,7 +791,7 @@ unitTest(function httpUpgradeWebSocketWithoutUpgradeHeader() {
       Deno.upgradeWebSocket(request);
     },
     TypeError,
-    "Invalid Header: 'upgrade' header must be 'websocket'",
+    "Invalid Header: 'upgrade' header must contain 'websocket'",
   );
 });
 
diff --git a/ext/http/01_http.js b/ext/http/01_http.js
index 9ce6997c6..9f05809f5 100644
--- a/ext/http/01_http.js
+++ b/ext/http/01_http.js
@@ -349,9 +349,14 @@
 
   function upgradeWebSocket(request, options = {}) {
     const upgrade = request.headers.get("upgrade");
-    if (!upgrade || StringPrototypeToLowerCase(upgrade) !== "websocket") {
+    const upgradeHasWebSocketOption = upgrade !== null &&
+      ArrayPrototypeSome(
+        StringPrototypeSplit(upgrade, /\s*,\s*/),
+        (option) => StringPrototypeToLowerCase(option) === "websocket",
+      );
+    if (!upgradeHasWebSocketOption) {
       throw new TypeError(
-        "Invalid Header: 'upgrade' header must be 'websocket'",
+        "Invalid Header: 'upgrade' header must contain 'websocket'",
       );
     }
 
@@ -363,7 +368,7 @@
       );
     if (!connectionHasUpgradeOption) {
       throw new TypeError(
-        "Invalid Header: 'connection' header must be 'Upgrade'",
+        "Invalid Header: 'connection' header must contain 'Upgrade'",
       );
     }
 
diff --git a/ext/http/lib.rs b/ext/http/lib.rs
index ffca4fa2f..aae6415cb 100644
--- a/ext/http/lib.rs
+++ b/ext/http/lib.rs
@@ -332,7 +332,9 @@ fn is_websocket_request(req: &hyper::Request<hyper::Body>) -> bool {
     && req.method() == hyper::Method::GET
     && req.headers().contains_key(&SEC_WEBSOCKET_KEY)
     && header(req.headers(), &SEC_WEBSOCKET_VERSION) == b"13"
-    && header(req.headers(), &UPGRADE).eq_ignore_ascii_case(b"websocket")
+    && header(req.headers(), &UPGRADE)
+      .split(|c| *c == b' ' || *c == b',')
+      .any(|token| token.eq_ignore_ascii_case(b"websocket"))
     && header(req.headers(), &CONNECTION)
       .split(|c| *c == b' ' || *c == b',')
       .any(|token| token.eq_ignore_ascii_case(b"upgrade"))