From 78102ac061800530639d62d26e847f807716383b Mon Sep 17 00:00:00 2001
From: Nick Tazelaar <ntazelaar@procentec.com>
Date: Mon, 6 Nov 2017 14:18:26 +0100
Subject: [PATCH] When testing our application with the OWASP ZAP tool we
 encountered exceptions on two different places. This should fix it.

---
 lib/server.js | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/lib/server.js b/lib/server.js
index d48c4ad7..0e3f53c0 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -266,11 +266,13 @@ function sendErrorMessage (req, res, code) {
   } else {
     headers['Access-Control-Allow-Origin'] = '*';
   }
-  res.writeHead(400, headers);
-  res.end(JSON.stringify({
-    code: code,
-    message: Server.errorMessages[code]
-  }));
+  if (res !== undefined) {
+    res.writeHead(400, headers);
+    res.end(JSON.stringify({
+      code: code,
+      message: Server.errorMessages[code]
+    }));
+  }
 }
 
 /**
@@ -383,7 +385,7 @@ Server.prototype.handleUpgrade = function (req, socket, upgradeHead) {
 Server.prototype.onWebSocket = function (req, socket) {
   socket.on('error', onUpgradeError);
 
-  if (!transports[req._query.transport].prototype.handlesUpgrades) {
+  if (transports[req._query.transport] !== undefined && !transports[req._query.transport].prototype.handlesUpgrades) {
     debug('transport doesnt handle upgraded requests');
     socket.close();
     return;