kapitan/IXWebSocket
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

check and validate the Connection: Upgrade header in client/server

Browse Source
This commit is contained in:
Benjamin Sergeant
2019-01-15 09:31:37 -08:00
parent bfb76de9ab
commit 121c84a2d1
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ixwebsocket/IXWebSocketHandshake.cpp
View File

@@ -354,6 +354,14 @@ namespace ix
return WebSocketInitResult(false, status, "Error parsing HTTP headers"); return WebSocketInitResult(false, status, "Error parsing HTTP headers");
} }
// Check the presence of the Upgrade field
if (headers.find("connection") == headers.end() ||
headers["connection"] != "Upgrade")
{
std::string errorMsg("Invalid or missing connection value");
return WebSocketInitResult(false, status, errorMsg);
}
char output[29] = {}; char output[29] = {};
WebSocketHandshakeKeyGen::generate(secWebSocketKey.c_str(), output); WebSocketHandshakeKeyGen::generate(secWebSocketKey.c_str(), output);
if (std::string(output) != headers["sec-websocket-accept"]) if (std::string(output) != headers["sec-websocket-accept"])
@@ -467,7 +475,7 @@ namespace ix
ss << "HTTP/1.1 101\r\n"; ss << "HTTP/1.1 101\r\n";
ss << "Sec-WebSocket-Accept: " << std::string(output) << "\r\n"; ss << "Sec-WebSocket-Accept: " << std::string(output) << "\r\n";
ss << "Upgrade: websocket\r\n"; ss << "Upgrade: websocket\r\n";
ss << "Connection: websocket\r\n"; ss << "Connection: Upgrade\r\n";
// Parse the client headers. Does it support deflate ? // Parse the client headers. Does it support deflate ?
std::string header = headers["sec-websocket-extensions"]; std::string header = headers["sec-websocket-extensions"];