From 8b34f07bb000a16b60b119ee24f5c0b4a5f7f937 Mon Sep 17 00:00:00 2001
From: Luca Casonato <hello@lcas.dev>
Date: Thu, 22 Jul 2021 14:28:55 +0200
Subject: fix(http/ws): case insensitive connection header (#11489)

The "connection" header should be case insensitive:
https://datatracker.ietf.org/doc/html/rfc7230#section-6.1
---
 cli/tests/unit/http_test.ts | 32 +++++++++++++++++++++++++++++++-
 extensions/http/01_http.js  |  2 +-
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/cli/tests/unit/http_test.ts b/cli/tests/unit/http_test.ts
index bf351cd48..f9a44d8ef 100644
--- a/cli/tests/unit/http_test.ts
+++ b/cli/tests/unit/http_test.ts
@@ -642,7 +642,7 @@ unitTest({ perms: { net: true } }, async function httpServerWebSocket() {
       const {
         response,
         websocket,
-      } = await Deno.upgradeWebSocket(request);
+      } = Deno.upgradeWebSocket(request);
       websocket.onerror = () => fail();
       websocket.onmessage = (m) => {
         websocket.send(m.data);
@@ -663,6 +663,36 @@ unitTest({ perms: { net: true } }, async function httpServerWebSocket() {
   await promise;
 });
 
+unitTest(function httpUpgradeWebSocket() {
+  const request = new Request("https://deno.land/", {
+    headers: {
+      connection: "Upgrade",
+      upgrade: "websocket",
+      "sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==",
+    },
+  });
+  const { response } = Deno.upgradeWebSocket(request);
+  assertEquals(response.status, 101);
+  assertEquals(response.headers.get("connection"), "Upgrade");
+  assertEquals(response.headers.get("upgrade"), "websocket");
+  assertEquals(
+    response.headers.get("sec-websocket-accept"),
+    "s3pPLMBiTxaQ9kYGzzhZRbK+xOo=",
+  );
+});
+
+unitTest(function httpUpgradeWebSocketLowercaseUpgradeHeader() {
+  const request = new Request("https://deno.land/", {
+    headers: {
+      connection: "upgrade",
+      upgrade: "websocket",
+      "sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==",
+    },
+  });
+  const { response } = Deno.upgradeWebSocket(request);
+  assertEquals(response.status, 101);
+});
+
 unitTest({ perms: { net: true } }, async function httpCookieConcatenation() {
   const promise = (async () => {
     const listener = Deno.listen({ port: 4501 });
diff --git a/extensions/http/01_http.js b/extensions/http/01_http.js
index 4bcdf1f07..e0f221ce0 100644
--- a/extensions/http/01_http.js
+++ b/extensions/http/01_http.js
@@ -321,7 +321,7 @@
       );
     }
 
-    if (request.headers.get("connection") !== "Upgrade") {
+    if (request.headers.get("connection")?.toLowerCase() !== "upgrade") {
       throw new TypeError(
         "Invalid Header: 'connection' header must be 'Upgrade'",
       );
-- 
cgit v1.2.3