114: Accept a common variation of the websocket header.

ELPA Syncer Wed, 15 Feb 2023 17:59:56 -0800

branch: externals/websocket
commit 5be01c6d1a8e87d001916fc40a77d779826fcacf
Author: Andrew Hyatt <ahy...@gmail.com>
Commit: Andrew Hyatt <ahy...@gmail.com>


    Accept a common variation of the websocket header.
    
    The Tornado server sends Sec-Websocket-Accept instead of 
Sec-WebSocket-Accept.
    Accept this variation, but don't accept any arbitrary header case at this 
point.
---
 websocket-test.el | 19 +++++++++++++------
 websocket.el      |  8 ++++----
 2 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/websocket-test.el b/websocket-test.el
index f6a9c25ffa..f8cbe09657 100644
--- a/websocket-test.el
+++ b/websocket-test.el
@@ -120,25 +120,32 @@
 
 (ert-deftest websocket-verify-headers ()
   (let ((accept "Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=")
+        (accept-alt-case "Sec-Websocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=")
         (invalid-accept "Sec-WebSocket-Accept: bad")
         (upgrade "Upgrade: websocket")
+        (upgrade-alt-case "Upgrade: Websocket")
         (connection "Connection: upgrade")
         (ws (websocket-inner-create
              :conn "fake-conn" :url "ws://foo/bar"
              :accept-string "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="))
         (ws-with-protocol
          (websocket-inner-create
-             :conn "fake-conn" :url "ws://foo/bar"
-             :accept-string "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="
-             :protocols '("myprotocol")))
+          :conn "fake-conn" :url "ws://foo/bar"
+          :accept-string "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="
+          :protocols '("myprotocol")))
         (ws-with-extensions
          (websocket-inner-create
-             :conn "fake-conn" :url "ws://foo/bar"
-             :accept-string "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="
-             :extensions '("ext1" "ext2"))))
+          :conn "fake-conn" :url "ws://foo/bar"
+          :accept-string "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="
+          :extensions '("ext1" "ext2"))))
     (should (websocket-verify-headers
              ws
              (websocket-test-header-with-lines accept upgrade connection)))
+    ;; Force case sensitivity to make sure we aren't too case sensitive.
+    (let ((case-fold-search nil))
+      (should (websocket-verify-headers
+               ws
+               (websocket-test-header-with-lines accept-alt-case 
upgrade-alt-case connection))))
     (should-error
      (websocket-verify-headers
       ws
diff --git a/websocket.el b/websocket.el
index 68e847cf1c..95dd042c9d 100644
--- a/websocket.el
+++ b/websocket.el
@@ -797,10 +797,10 @@ connection is invalid, the connection will be closed."
 The output is assumed to have complete headers.  This function
 will either return t or call `error'.  This has the side-effect
 of populating the list of server extensions to WEBSOCKET."
-  (let ((accept-string
-         (concat "Sec-WebSocket-Accept: " (websocket-accept-string 
websocket))))
-    (websocket-debug websocket "Checking for accept header: %s" accept-string)
-    (unless (string-match (regexp-quote accept-string) output)
+  (let ((accept-regexp
+         (concat "Sec-Web[Ss]ocket-Accept: " (regexp-quote 
(websocket-accept-string websocket)))))
+    (websocket-debug websocket "Checking for accept header regexp: %s" 
accept-regexp)
+    (unless (string-match accept-regexp output)
       (signal 'websocket-invalid-header
               (list "Incorrect handshake from websocket: is this really a 
websocket connection?"))))
   (let ((case-fold-search t))

[elpa] externals/websocket 5be01c6d1a 085/114: Accept a common variation of the websocket header.

Reply via email to