1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-21 21:50:00 -05:00

fix(ext/http): websocket upgrade header check (#11830)

This commit is contained in:
Dayan C. Galiazzi 2021-08-24 19:55:32 -03:00 committed by GitHub
parent a3fd4bb998
commit 873cce27b8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 48 additions and 1 deletions

View file

@ -6,6 +6,7 @@ import { TextProtoReader } from "../../../test_util/std/textproto/mod.ts";
import {
assert,
assertEquals,
assertThrows,
assertThrowsAsync,
deferred,
delay,
@ -705,6 +706,51 @@ unitTest(function httpUpgradeWebSocketMultipleConnectionOptions() {
assertEquals(response.status, 101);
});
unitTest(function httpUpgradeWebSocketCaseInsensitiveUpgradeHeader() {
const request = new Request("https://deno.land/", {
headers: {
connection: "upgrade",
upgrade: "WebSocket",
"sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==",
},
});
const { response } = Deno.upgradeWebSocket(request);
assertEquals(response.status, 101);
});
unitTest(function httpUpgradeWebSocketInvalidUpgradeHeader() {
assertThrows(
() => {
const request = new Request("https://deno.land/", {
headers: {
connection: "upgrade",
upgrade: "invalid",
"sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==",
},
});
Deno.upgradeWebSocket(request);
},
TypeError,
"Invalid Header: 'upgrade' header must be 'websocket'",
);
});
unitTest(function httpUpgradeWebSocketWithoutUpgradeHeader() {
assertThrows(
() => {
const request = new Request("https://deno.land/", {
headers: {
connection: "upgrade",
"sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==",
},
});
Deno.upgradeWebSocket(request);
},
TypeError,
"Invalid Header: 'upgrade' header must be 'websocket'",
);
});
unitTest({ perms: { net: true } }, async function httpCookieConcatenation() {
const promise = (async () => {
const listener = Deno.listen({ port: 4501 });

View file

@ -341,7 +341,8 @@
const _ws = Symbol("[[associated_ws]]");
function upgradeWebSocket(request, options = {}) {
if (request.headers.get("upgrade") !== "websocket") {
const upgrade = request.headers.get("upgrade");
if (!upgrade || StringPrototypeToLowerCase(upgrade) !== "websocket") {
throw new TypeError(
"Invalid Header: 'upgrade' header must be 'websocket'",
);