From 6268703487da02d66552d1e1a42858aa273def90 Mon Sep 17 00:00:00 2001 From: Leo K Date: Tue, 26 Oct 2021 23:06:44 +0200 Subject: [PATCH] fix(ext/http): allow multiple values in upgrade header for websocket (#12551) Co-authored-by: Aaron O'Mullan --- cli/tests/unit/http_test.ts | 30 +++++++++++++++--------------- ext/http/01_http.js | 11 ++++++++--- ext/http/lib.rs | 4 +++- 3 files changed, 26 insertions(+), 19 deletions(-) diff --git a/cli/tests/unit/http_test.ts b/cli/tests/unit/http_test.ts index 080b94a1d0..d947282dbe 100644 --- a/cli/tests/unit/http_test.ts +++ b/cli/tests/unit/http_test.ts @@ -726,18 +726,6 @@ unitTest(function httpUpgradeWebSocket() { ); }); -unitTest(function httpUpgradeWebSocketLowercaseUpgradeHeader() { - const request = new Request("https://deno.land/", { - headers: { - connection: "upgrade", - upgrade: "websocket", - "sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==", - }, - }); - const { response } = Deno.upgradeWebSocket(request); - assertEquals(response.status, 101); -}); - unitTest(function httpUpgradeWebSocketMultipleConnectionOptions() { const request = new Request("https://deno.land/", { headers: { @@ -750,11 +738,23 @@ unitTest(function httpUpgradeWebSocketMultipleConnectionOptions() { assertEquals(response.status, 101); }); +unitTest(function httpUpgradeWebSocketMultipleUpgradeOptions() { + const request = new Request("https://deno.land/", { + headers: { + connection: "upgrade", + upgrade: "websocket, foo", + "sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==", + }, + }); + const { response } = Deno.upgradeWebSocket(request); + assertEquals(response.status, 101); +}); + unitTest(function httpUpgradeWebSocketCaseInsensitiveUpgradeHeader() { const request = new Request("https://deno.land/", { headers: { connection: "upgrade", - upgrade: "websocket", + upgrade: "Websocket", "sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==", }, }); @@ -775,7 +775,7 @@ unitTest(function httpUpgradeWebSocketInvalidUpgradeHeader() { Deno.upgradeWebSocket(request); }, TypeError, - "Invalid Header: 'upgrade' header must be 'websocket'", + "Invalid Header: 'upgrade' header must contain 'websocket'", ); }); @@ -791,7 +791,7 @@ unitTest(function httpUpgradeWebSocketWithoutUpgradeHeader() { Deno.upgradeWebSocket(request); }, TypeError, - "Invalid Header: 'upgrade' header must be 'websocket'", + "Invalid Header: 'upgrade' header must contain 'websocket'", ); }); diff --git a/ext/http/01_http.js b/ext/http/01_http.js index 9ce6997c64..9f05809f5a 100644 --- a/ext/http/01_http.js +++ b/ext/http/01_http.js @@ -349,9 +349,14 @@ function upgradeWebSocket(request, options = {}) { const upgrade = request.headers.get("upgrade"); - if (!upgrade || StringPrototypeToLowerCase(upgrade) !== "websocket") { + const upgradeHasWebSocketOption = upgrade !== null && + ArrayPrototypeSome( + StringPrototypeSplit(upgrade, /\s*,\s*/), + (option) => StringPrototypeToLowerCase(option) === "websocket", + ); + if (!upgradeHasWebSocketOption) { throw new TypeError( - "Invalid Header: 'upgrade' header must be 'websocket'", + "Invalid Header: 'upgrade' header must contain 'websocket'", ); } @@ -363,7 +368,7 @@ ); if (!connectionHasUpgradeOption) { throw new TypeError( - "Invalid Header: 'connection' header must be 'Upgrade'", + "Invalid Header: 'connection' header must contain 'Upgrade'", ); } diff --git a/ext/http/lib.rs b/ext/http/lib.rs index ffca4fa2f0..aae6415cb1 100644 --- a/ext/http/lib.rs +++ b/ext/http/lib.rs @@ -332,7 +332,9 @@ fn is_websocket_request(req: &hyper::Request) -> bool { && req.method() == hyper::Method::GET && req.headers().contains_key(&SEC_WEBSOCKET_KEY) && header(req.headers(), &SEC_WEBSOCKET_VERSION) == b"13" - && header(req.headers(), &UPGRADE).eq_ignore_ascii_case(b"websocket") + && header(req.headers(), &UPGRADE) + .split(|c| *c == b' ' || *c == b',') + .any(|token| token.eq_ignore_ascii_case(b"websocket")) && header(req.headers(), &CONNECTION) .split(|c| *c == b' ' || *c == b',') .any(|token| token.eq_ignore_ascii_case(b"upgrade"))