From 6268703487da02d66552d1e1a42858aa273def90 Mon Sep 17 00:00:00 2001 From: Leo K Date: Tue, 26 Oct 2021 23:06:44 +0200 Subject: fix(ext/http): allow multiple values in upgrade header for websocket (#12551) Co-authored-by: Aaron O'Mullan --- cli/tests/unit/http_test.ts | 16 ++++++++-------- ext/http/01_http.js | 11 ++++++++--- ext/http/lib.rs | 4 +++- 3 files changed, 19 insertions(+), 12 deletions(-) diff --git a/cli/tests/unit/http_test.ts b/cli/tests/unit/http_test.ts index 080b94a1d..d947282db 100644 --- a/cli/tests/unit/http_test.ts +++ b/cli/tests/unit/http_test.ts @@ -726,10 +726,10 @@ unitTest(function httpUpgradeWebSocket() { ); }); -unitTest(function httpUpgradeWebSocketLowercaseUpgradeHeader() { +unitTest(function httpUpgradeWebSocketMultipleConnectionOptions() { const request = new Request("https://deno.land/", { headers: { - connection: "upgrade", + connection: "keep-alive, upgrade", upgrade: "websocket", "sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==", }, @@ -738,11 +738,11 @@ unitTest(function httpUpgradeWebSocketLowercaseUpgradeHeader() { assertEquals(response.status, 101); }); -unitTest(function httpUpgradeWebSocketMultipleConnectionOptions() { +unitTest(function httpUpgradeWebSocketMultipleUpgradeOptions() { const request = new Request("https://deno.land/", { headers: { - connection: "keep-alive, upgrade", - upgrade: "websocket", + connection: "upgrade", + upgrade: "websocket, foo", "sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==", }, }); @@ -754,7 +754,7 @@ unitTest(function httpUpgradeWebSocketCaseInsensitiveUpgradeHeader() { const request = new Request("https://deno.land/", { headers: { connection: "upgrade", - upgrade: "websocket", + upgrade: "Websocket", "sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==", }, }); @@ -775,7 +775,7 @@ unitTest(function httpUpgradeWebSocketInvalidUpgradeHeader() { Deno.upgradeWebSocket(request); }, TypeError, - "Invalid Header: 'upgrade' header must be 'websocket'", + "Invalid Header: 'upgrade' header must contain 'websocket'", ); }); @@ -791,7 +791,7 @@ unitTest(function httpUpgradeWebSocketWithoutUpgradeHeader() { Deno.upgradeWebSocket(request); }, TypeError, - "Invalid Header: 'upgrade' header must be 'websocket'", + "Invalid Header: 'upgrade' header must contain 'websocket'", ); }); diff --git a/ext/http/01_http.js b/ext/http/01_http.js index 9ce6997c6..9f05809f5 100644 --- a/ext/http/01_http.js +++ b/ext/http/01_http.js @@ -349,9 +349,14 @@ function upgradeWebSocket(request, options = {}) { const upgrade = request.headers.get("upgrade"); - if (!upgrade || StringPrototypeToLowerCase(upgrade) !== "websocket") { + const upgradeHasWebSocketOption = upgrade !== null && + ArrayPrototypeSome( + StringPrototypeSplit(upgrade, /\s*,\s*/), + (option) => StringPrototypeToLowerCase(option) === "websocket", + ); + if (!upgradeHasWebSocketOption) { throw new TypeError( - "Invalid Header: 'upgrade' header must be 'websocket'", + "Invalid Header: 'upgrade' header must contain 'websocket'", ); } @@ -363,7 +368,7 @@ ); if (!connectionHasUpgradeOption) { throw new TypeError( - "Invalid Header: 'connection' header must be 'Upgrade'", + "Invalid Header: 'connection' header must contain 'Upgrade'", ); } diff --git a/ext/http/lib.rs b/ext/http/lib.rs index ffca4fa2f..aae6415cb 100644 --- a/ext/http/lib.rs +++ b/ext/http/lib.rs @@ -332,7 +332,9 @@ fn is_websocket_request(req: &hyper::Request) -> bool { && req.method() == hyper::Method::GET && req.headers().contains_key(&SEC_WEBSOCKET_KEY) && header(req.headers(), &SEC_WEBSOCKET_VERSION) == b"13" - && header(req.headers(), &UPGRADE).eq_ignore_ascii_case(b"websocket") + && header(req.headers(), &UPGRADE) + .split(|c| *c == b' ' || *c == b',') + .any(|token| token.eq_ignore_ascii_case(b"websocket")) && header(req.headers(), &CONNECTION) .split(|c| *c == b' ' || *c == b',') .any(|token| token.eq_ignore_ascii_case(b"upgrade")) -- cgit v1.2.3