From 121c84a2d1c938f7256bf6b5c7db6a756ceb24e7 Mon Sep 17 00:00:00 2001
From: Benjamin Sergeant
Date: Tue, 15 Jan 2019 09:31:37 -0800
Subject: [PATCH] check and validate the Connection: Upgrade header in client/server
---
 ixwebsocket/IXWebSocketHandshake.cpp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/ixwebsocket/IXWebSocketHandshake.cpp b/ixwebsocket/IXWebSocketHandshake.cpp
index 1a56ef09..0af76d77 100644
--- a/ixwebsocket/IXWebSocketHandshake.cpp
+++ b/ixwebsocket/IXWebSocketHandshake.cpp
@@ -354,6 +354,14 @@ namespace ix
 return WebSocketInitResult(false, status, "Error parsing HTTP headers");
 }

+ // Check the presence of the Upgrade field
+ if (headers.find("connection") == headers.end() ||
+ headers["connection"] != "Upgrade")
+ {
+ std::string errorMsg("Invalid or missing connection value");
+ return WebSocketInitResult(false, status, errorMsg);
+ }
+
 char output[29] = {};
 WebSocketHandshakeKeyGen::generate(secWebSocketKey.c_str(), output);
 if (std::string(output) != headers["sec-websocket-accept"])
@@ -467,7 +475,7 @@ namespace ix
 ss << "HTTP/1.1 101\r\n";
 ss << "Sec-WebSocket-Accept: " << std::string(output) << "\r\n";
 ss << "Upgrade: websocket\r\n";
- ss << "Connection: websocket\r\n";
+ ss << "Connection: Upgrade\r\n";

 // Parse the client headers. Does it support deflate ?
 std::string header = headers["sec-websocket-extensions"];
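Review bot: The added check in the first hunk compares `headers["connection"]` to `"Upgrade"` byte-for-byte, which is stricter than RFC 6455 section 4.1: a client must accept any Connection value containing a token that matches "Upgrade" ASCII case-insensitively, so a response carrying `upgrade` or a comma-separated token list would be refused here. The fence below replaces the added block with a token-wise, case-insensitive test; it relies on `std::transform` and `std::tolower`, so the file needs `<algorithm>` and `<cctype>` if it does not already include them. The comment also says "Upgrade field" while the code tests Connection, and the visible lines do not validate the `Upgrade: websocket` response header itself, which the same section requires; I would reword the comment as in the fence and confirm that check exists elsewhere. The enclosing function starts and ends outside the hunk.

```cpp
// Check that the Connection header carries the Upgrade token.
// The value is a comma-separated token list, matched case-insensitively.
auto connectionIt = headers.find("connection");
bool hasUpgradeToken = false;
if (connectionIt != headers.end())
{
    std::stringstream tokens(connectionIt->second);
    std::string token;
    while (std::getline(tokens, token, ','))
    {
        // Trim optional whitespace around the token, then lowercase it
        token.erase(0, token.find_first_not_of(" \t"));
        token.erase(token.find_last_not_of(" \t") + 1);
        std::transform(token.begin(), token.end(), token.begin(),
                       [](unsigned char c) { return std::tolower(c); });
        if (token == "upgrade") hasUpgradeToken = true;
    }
}
if (!hasUpgradeToken)
{
    std::string errorMsg("Invalid or missing connection value");
    return WebSocketInitResult(false, status, errorMsg);
}
// … unchanged: Sec-WebSocket-Accept verification …
```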