Fixed incorrect Sec-WebSocket-Origin header for v13, see netty#9134 (netty#9312)

amizurov · normanmaurer · commit be26f4e00fe1 · 2019-07-12T12:05:39.000+02:00
Motivation: Based on https://tools.ietf.org/html/rfc6455#section-1.3 - for non-browser clients, Origin header field may be sent if it makes sense in the context of those clients. Modification: Replace Sec-WebSocket-Origin to Origin Result: Fixes netty#9134 .
diff --git a/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13.java b/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13.java
@@ -189,7 +189,7 @@ public WebSocketClientHandshaker13(URI webSocketURL, WebSocketVersion version, S
      * Upgrade: websocket
      * Connection: Upgrade
      * Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
-     * Sec-WebSocket-Origin: http://example.com
+     * Origin: http://example.com
      * Sec-WebSocket-Protocol: chat, superchat
      * Sec-WebSocket-Version: 13
      * </pre>
@@ -225,7 +225,7 @@ protected FullHttpRequest newHandshakeRequest() {
                .set(HttpHeaderNames.CONNECTION, HttpHeaderValues.UPGRADE)
                .set(HttpHeaderNames.SEC_WEBSOCKET_KEY, key)
                .set(HttpHeaderNames.HOST, websocketHostValue(wsURL))
-               .set(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, websocketOriginValue(wsURL));
+               .set(HttpHeaderNames.ORIGIN, websocketOriginValue(wsURL));
 
         String expectedSubprotocol = expectedSubprotocol();
         if (expectedSubprotocol != null && !expectedSubprotocol.isEmpty()) {
@@ -251,7 +251,7 @@ protected FullHttpRequest newHandshakeRequest() {
      *
      * @param response
      *            HTTP response returned from the server for the request sent by beginOpeningHandshake00().
-     * @throws WebSocketHandshakeException
+     * @throws WebSocketHandshakeException if handshake response is invalid.
      */
     @Override
     protected void verify(FullHttpResponse response) {
diff --git a/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketServerHandshaker13.java b/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketServerHandshaker13.java
@@ -115,7 +115,7 @@ public WebSocketServerHandshaker13(
      * Upgrade: websocket
      * Connection: Upgrade
      * Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
-     * Sec-WebSocket-Origin: http://example.com
+     * Origin: http://example.com
      * Sec-WebSocket-Protocol: chat, superchat
      * Sec-WebSocket-Version: 13
      * </pre>
diff --git a/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker07Test.java b/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker07Test.java
@@ -46,7 +46,7 @@ protected CharSequence[] getHandshakeHeaderNames() {
                 HttpHeaderNames.CONNECTION,
                 HttpHeaderNames.SEC_WEBSOCKET_KEY,
                 HttpHeaderNames.HOST,
-                HttpHeaderNames.SEC_WEBSOCKET_ORIGIN,
+                getOriginHeaderName(),
                 HttpHeaderNames.SEC_WEBSOCKET_VERSION,
         };
     }
diff --git a/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13Test.java b/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13Test.java
@@ -15,16 +15,24 @@
  */
 package io.netty.handler.codec.http.websocketx;
 
+import io.netty.handler.codec.http.HttpHeaderNames;
 import io.netty.handler.codec.http.HttpHeaders;
 
 import java.net.URI;
 
 public class WebSocketClientHandshaker13Test extends WebSocketClientHandshaker07Test {
+
     @Override
     protected WebSocketClientHandshaker newHandshaker(URI uri, String subprotocol, HttpHeaders headers,
                                                       boolean absoluteUpgradeUrl) {
         return new WebSocketClientHandshaker13(uri, WebSocketVersion.V13, subprotocol, false, headers,
           1024, true, true, 10000,
           absoluteUpgradeUrl);
     }
+
+    @Override
+    protected CharSequence getOriginHeaderName() {
+        return HttpHeaderNames.ORIGIN;
+    }
+
 }
diff --git a/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketRequestBuilder.java b/codec-http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketRequestBuilder.java
@@ -138,7 +138,11 @@ public FullHttpRequest build() {
             headers.set(HttpHeaderNames.SEC_WEBSOCKET_KEY, key);
         }
         if (origin != null) {
-            headers.set(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, origin);
+            if (version == WebSocketVersion.V13 || version == WebSocketVersion.V00) {
+                headers.set(HttpHeaderNames.ORIGIN, origin);
+            } else {
+                headers.set(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, origin);
+            }
         }
         if (version != null) {
             headers.set(HttpHeaderNames.SEC_WEBSOCKET_VERSION, version.toHttpHeaderValue());

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ protected CharSequence[] getHandshakeHeaderNames() {`
`46`	`46`	`HttpHeaderNames.CONNECTION,`
`47`	`47`	`HttpHeaderNames.SEC_WEBSOCKET_KEY,`
`48`	`48`	`HttpHeaderNames.HOST,`
`49`		`- HttpHeaderNames.SEC_WEBSOCKET_ORIGIN,`
	`49`	`+ getOriginHeaderName(),`
`50`	`50`	`HttpHeaderNames.SEC_WEBSOCKET_VERSION,`
`51`	`51`	`};`
`52`	`52`	`}`
Original file line number	Diff line number	Diff line change
`@@ -138,7 +138,11 @@ public FullHttpRequest build() {`
`138`	`138`	`headers.set(HttpHeaderNames.SEC_WEBSOCKET_KEY, key);`
`139`	`139`	`}`
`140`	`140`	`if (origin != null) {`
`141`		`- headers.set(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, origin);`
	`141`	`+ if (version == WebSocketVersion.V13 \|\| version == WebSocketVersion.V00) {`
	`142`	`+ headers.set(HttpHeaderNames.ORIGIN, origin);`
	`143`	`+ } else {`
	`144`	`+ headers.set(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, origin);`
	`145`	`+ }`
`142`	`146`	`}`
`143`	`147`	`if (version != null) {`
`144`	`148`	`headers.set(HttpHeaderNames.SEC_WEBSOCKET_VERSION, version.toHttpHeaderValue());`