Title: [111554] trunk
Revision: 111554
Author: [email protected]
Date: 2012-03-21 09:46:41 -0700 (Wed, 21 Mar 2012)
Log Message
[WebSocket]The Sec-WebSocket-Accept MUST NOT appear more than once in an HTTP response
https://bugs.webkit.org/show_bug.cgi?id=81655
Patch by Li Yin <[email protected]> on 2012-03-21
Reviewed by Adam Barth.
Source/WebCore:
Test: http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header.html
* Modules/websockets/WebSocketHandshake.cpp:
(WebCore::WebSocketHandshake::readHTTPHeaders):
LayoutTests:
* http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header-expected.txt: Added.
* http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header.html: Added.
* http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header_wsh.py: Added.
(web_socket_do_extra_handshake):
(web_socket_transfer_data):
Diff
Modified: trunk/LayoutTests/ChangeLog (111553 => 111554)
--- trunk/LayoutTests/ChangeLog 2012-03-21 16:37:06 UTC (rev 111553)
+++ trunk/LayoutTests/ChangeLog 2012-03-21 16:46:41 UTC (rev 111554)
@@ -1,3 +1,16 @@
+2012-03-21 Li Yin <[email protected]>
+
+ [WebSocket]The Sec-WebSocket-Accept MUST NOT appear more than once in an HTTP response
+ https://bugs.webkit.org/show_bug.cgi?id=81655
+
+ Reviewed by Adam Barth.
+
+ * http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header-expected.txt: Added.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header.html: Added.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header_wsh.py: Added.
+ (web_socket_do_extra_handshake):
+ (web_socket_transfer_data):
+
2012-03-21 Yury Semikhatsky <[email protected]>
Web Inspector: event listener section doesn't show all event listeners of the element ancestors
Added: trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header-expected.txt (0 => 111554)
--- trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header-expected.txt 2012-03-21 16:46:41 UTC (rev 111554)
@@ -0,0 +1,9 @@
+CONSOLE MESSAGE: The Sec-WebSocket-Accept header MUST NOT appear more than once in an HTTP response
+Test that WebSocket handshake fails if there are more one Sec-WebSocket-Accept header field in the response.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
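Review bot: The description line reads "if there are more one Sec-WebSocket-Accept header field"; it should read "more than one Sec-WebSocket-Accept header field". The text is produced by the description() call in the .html test, so the fix belongs there, with this expected file regenerated to match.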
Added: trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header.html (0 => 111554)
--- trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header.html (rev 0)
+++ trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header.html 2012-03-21 16:46:41 UTC (rev 111554)
@@ -0,0 +1,51 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script>
+description("Test that WebSocket handshake fails if there are more one Sec-WebSocket-Accept header field in the response.");
+
+window.jsTestIsAsync = true;
+if (window.layoutTestController)
+ layoutTestController.overridePreference("WebKitHixie76WebSocketProtocolEnabled", 0);
+
+function endTest()
+{
+ clearTimeout(timeoutID);
+ finishJSTest();
+}
+
+var url = ""
+var ws = new WebSocket(url);
+
+ws._onopen_ = function()
+{
+ testFailed("Unexpectedly Connected.");
+};
+
+ws._onmessage_ = function(messageEvent)
+{
+ testFailed("Unexpectedly Received: '" + messageEvent.data + "'");
+};
+
+ws._onclose_ = function()
+{
+ endTest();
+};
+
+function timeOutCallback()
+{
+ debug("Timed out in state: " + ws.readyState);
+ endTest();
+}
+
+var timeoutID = setTimeout(timeOutCallback, 3000);
+
+</script>
+<script src=""
+</body>
+</html>
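Review bot: timeOutCallback() only calls debug() and then endTest(), so a run in which the handshake never fails is reported as an expected-output mismatch rather than as an explicit failure. Calling testFailed("Timed out in state: " + ws.readyState) there would match how the onopen and onmessage handlers report an unexpected result and make the cause obvious in the test output.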
Added: trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header_wsh.py (0 => 111554)
--- trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header_wsh.py (rev 0)
+++ trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header_wsh.py 2012-03-21 16:46:41 UTC (rev 111554)
@@ -0,0 +1,18 @@
+from mod_pywebsocket import handshake
+from mod_pywebsocket.handshake.hybi import compute_accept
+
+
+def web_socket_do_extra_handshake(request):
+ msg = 'HTTP/1.1 101 Switching Protocols\r\n'
+ msg += 'Upgrade: websocket\r\n'
+ msg += 'Connection: Upgrade\r\n'
+ msg += 'Sec-WebSocket-Accept: %s\r\n' % compute_accept(request.headers_in['Sec-WebSocket-Key'])[0]
+ msg += 'Sec-WebSocket-Accept: XXXXthisiswrongXXXX\r\n'
+ msg += '\r\n'
+ request.connection.write(msg)
+ print msg
+ raise handshake.AbortedByUserException('Abort the connection') # Prevents pywebsocket from sending its own handshake message.
+
+
+def web_socket_transfer_data(request):
+ pass
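Review bot: The print msg line after request.connection.write(msg) looks like leftover debugging and can be dropped; it dumps the whole handshake to the handler's stdout on every run. The handler also covers only a valid Sec-WebSocket-Accept followed by an invalid one; a variant with the invalid value first, or with the same valid value sent twice, would confirm that the rejection depends neither on order nor on the two values differing.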
Modified: trunk/Source/WebCore/ChangeLog (111553 => 111554)
--- trunk/Source/WebCore/ChangeLog 2012-03-21 16:37:06 UTC (rev 111553)
+++ trunk/Source/WebCore/ChangeLog 2012-03-21 16:46:41 UTC (rev 111554)
@@ -1,3 +1,15 @@
+2012-03-21 Li Yin <[email protected]>
+
+ [WebSocket]The Sec-WebSocket-Accept MUST NOT appear more than once in an HTTP response
+ https://bugs.webkit.org/show_bug.cgi?id=81655
+
+ Reviewed by Adam Barth.
+
+ Test: http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header.html
+
+ * Modules/websockets/WebSocketHandshake.cpp:
+ (WebCore::WebSocketHandshake::readHTTPHeaders):
+
2012-03-21 Alexei Filippov <[email protected]>
Web Inspector: Speedup heap snapshot loading.
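Review bot: The entry lists WebCore::WebSocketHandshake::readHTTPHeaders with no description of what changed. One line after the function name, saying that the handshake now fails when a second Sec-WebSocket-Accept header field is seen, would let ChangeLog readers understand the behavior change without opening the diff.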
Modified: trunk/Source/WebCore/Modules/websockets/WebSocketHandshake.cpp (111553 => 111554)
--- trunk/Source/WebCore/Modules/websockets/WebSocketHandshake.cpp 2012-03-21 16:37:06 UTC (rev 111553)
+++ trunk/Source/WebCore/Modules/websockets/WebSocketHandshake.cpp 2012-03-21 16:46:41 UTC (rev 111554)
@@ -575,6 +575,7 @@
Vector<char> name;
Vector<char> value;
+ bool sawSecWebSocketAcceptHeaderField = false;
for (const char* p = start; p < end; p++) {
name.clear();
value.clear();
@@ -644,6 +645,13 @@
m_failureReason = m_extensionDispatcher.failureReason();
return 0;
}
+ } else if (equalIgnoringCase("Sec-WebSocket-Accept", nameStr)) {
+ if (sawSecWebSocketAcceptHeaderField) {
+ m_failureReason = "The Sec-WebSocket-Accept header MUST NOT appear more than once in an HTTP response";
+ return 0;
+ }
+ m_response.addHeaderField(nameStr, valueStr);
+ sawSecWebSocketAcceptHeaderField = true;
} else
m_response.addHeaderField(nameStr, valueStr);
}
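Review bot: The new Sec-WebSocket-Accept branch repeats the m_response.addHeaderField(nameStr, valueStr) call that the final else already makes. The branch could be limited to the duplicate check and setting sawSecWebSocketAcceptHeaderField, with a single shared addHeaderField call afterwards, provided the earlier branches of the chain allow it. Returning 0 on the second occurrence before it is added is the right order, since the stored response then never holds a value taken from a duplicated header.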