- Revision
- 112499
- Author
- [email protected]
- Date
- 2012-03-28 21:22:12 -0700 (Wed, 28 Mar 2012)
Log Message
[WebSocket]Browser must fail connection if Sec-WebSocket-Protocol mismatched.
https://bugs.webkit.org/show_bug.cgi?id=82307
Patch by Li Yin <[email protected]> on 2012-03-28
Reviewed by Kent Tamura.
Source/WebCore:
>From RFC6455: http://tools.ietf.org/html/rfc6455#section-4.1
If the WebSocket openhanding respond included the mismatched
Sec-WebSocket-Protocol header field, the client must fail the WebSocket Connection.
Test: http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header.html
* Modules/websockets/WebSocketHandshake.cpp:
(WebCore::WebSocketHandshake::checkResponseHeaders):
LayoutTests:
>From RFC6455: http://tools.ietf.org/html/rfc6455#section-4.1
If the response includes a |Sec-WebSocket-Protocol| header field
and this header field indicates the use of a subprotocol that was
not present in the client's handshake (the server has indicated a
subprotocol not requested by the client), the client MUST _Fail
the WebSocket Connection_.
* http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header-expected.txt: Added.
* http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header.html: Added.
* http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header_wsh.py: Added.
(web_socket_do_extra_handshake):
(web_socket_transfer_data):
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (112498 => 112499)
--- trunk/LayoutTests/ChangeLog 2012-03-29 04:08:27 UTC (rev 112498)
+++ trunk/LayoutTests/ChangeLog 2012-03-29 04:22:12 UTC (rev 112499)
@@ -1,3 +1,23 @@
+2012-03-28 Li Yin <[email protected]>
+
+ [WebSocket]Browser must fail connection if Sec-WebSocket-Protocol mismatched.
+ https://bugs.webkit.org/show_bug.cgi?id=82307
+
+ Reviewed by Kent Tamura.
+
+ From RFC6455: http://tools.ietf.org/html/rfc6455#section-4.1
+ If the response includes a |Sec-WebSocket-Protocol| header field
+ and this header field indicates the use of a subprotocol that was
+ not present in the client's handshake (the server has indicated a
+ subprotocol not requested by the client), the client MUST _Fail
+ the WebSocket Connection_.
+
+ * http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header-expected.txt: Added.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header.html: Added.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header_wsh.py: Added.
+ (web_socket_do_extra_handshake):
+ (web_socket_transfer_data):
+
2012-03-28 David Grogan <[email protected]>
IndexedDB: don't expose IDBDatabaseError to script
Added: trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header-expected.txt (0 => 112499)
--- trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header-expected.txt 2012-03-29 04:22:12 UTC (rev 112499)
@@ -0,0 +1,14 @@
+CONSOLE MESSAGE: Error during WebSocket handshake: Sec-WebSocket-Protocol mismatch
+CONSOLE MESSAGE: Error during WebSocket handshake: Sec-WebSocket-Protocol mismatch
+CONSOLE MESSAGE: Error during WebSocket handshake: Sec-WebSocket-Protocol mismatch
+Test whether WebSocket handshake fails if the server sends mismatched Sec-WebSocket-Protocol header.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+PASS closeEvent.wasClean is false
+PASS closeEvent.wasClean is false
+PASS closeEvent.wasClean is false
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header.html (0 => 112499)
--- trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header.html (rev 0)
+++ trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header.html 2012-03-29 04:22:12 UTC (rev 112499)
@@ -0,0 +1,51 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script>
+description("Test whether WebSocket handshake fails if the server sends mismatched Sec-WebSocket-Protocol header.");
+
+window.jsTestIsAsync = true;
+if (window.layoutTestController)
+ layoutTestController.overridePreference("WebKitHixie76WebSocketProtocolEnabled", 0);
+
+var url = ""
+var closeEvent;
+var ws;
+var protocolCase = ["", "MatchProtocol", ["MatchProtocol1", "MatchProtocol2"]];
+
+function doTest(index)
+{
+ if (protocolCase[index] === "")
+ ws = new WebSocket(url);
+ else
+ ws = new WebSocket(url, protocolCase[index]);
+
+ ws._onopen_ = function()
+ {
+ testFailed("Connection established.");
+ ws.close();
+ };
+
+ ws._onclose_ = function(event)
+ {
+ closeEvent = event;
+ shouldBeFalse("closeEvent.wasClean");
+ if (index === protocolCase.length - 1) {
+ finishJSTest();
+ return;
+ }
+ doTest(index + 1);
+ };
+}
+
+doTest(0);
+
+</script>
+<script src=""
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header_wsh.py (0 => 112499)
--- trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header_wsh.py (rev 0)
+++ trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header_wsh.py 2012-03-29 04:22:12 UTC (rev 112499)
@@ -0,0 +1,17 @@
+from mod_pywebsocket import handshake
+from mod_pywebsocket.handshake.hybi import compute_accept
+
+
+def web_socket_do_extra_handshake(request):
+ msg = 'HTTP/1.1 101 Switching Protocols\r\n'
+ msg += 'Upgrade: websocket\r\n'
+ msg += 'Connection: Upgrade\r\n'
+ msg += 'Sec-WebSocket-Accept: %s\r\n' % compute_accept(request.headers_in['Sec-WebSocket-Key'])[0]
+ msg += 'Sec-WebSocket-Protocol: MismatchProtocol\r\n'
+ msg += '\r\n'
+ request.connection.write(msg)
+ raise handshake.AbortedByUserException('Abort the connection') # Prevents pywebsocket from sending its own handshake message.
+
+
+def web_socket_transfer_data(request):
+ pass
Modified: trunk/Source/WebCore/ChangeLog (112498 => 112499)
--- trunk/Source/WebCore/ChangeLog 2012-03-29 04:08:27 UTC (rev 112498)
+++ trunk/Source/WebCore/ChangeLog 2012-03-29 04:22:12 UTC (rev 112499)
@@ -1,3 +1,19 @@
+2012-03-28 Li Yin <[email protected]>
+
+ [WebSocket]Browser must fail connection if Sec-WebSocket-Protocol mismatched.
+ https://bugs.webkit.org/show_bug.cgi?id=82307
+
+ Reviewed by Kent Tamura.
+
+ From RFC6455: http://tools.ietf.org/html/rfc6455#section-4.1
+ If the WebSocket openhanding respond included the mismatched
+ Sec-WebSocket-Protocol header field, the client must fail the WebSocket Connection.
+
+ Test: http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header.html
+
+ * Modules/websockets/WebSocketHandshake.cpp:
+ (WebCore::WebSocketHandshake::checkResponseHeaders):
+
2012-03-28 Jessie Berlin <[email protected]>
Fix Windows build after r112482.
Modified: trunk/Source/WebCore/Modules/websockets/WebSocket.cpp (112498 => 112499)
--- trunk/Source/WebCore/Modules/websockets/WebSocket.cpp 2012-03-29 04:08:27 UTC (rev 112498)
+++ trunk/Source/WebCore/Modules/websockets/WebSocket.cpp 2012-03-29 04:22:12 UTC (rev 112499)
@@ -147,6 +147,11 @@
return webSocketsAvailable;
}
+const char* WebSocket::subProtocolSeperator()
+{
+ return ", ";
+}
+
WebSocket::WebSocket(ScriptExecutionContext* context)
: ActiveDOMObject(context, this)
, m_state(CONNECTING)
@@ -267,7 +272,7 @@
}
if (!protocols.isEmpty())
- protocolString = joinStrings(protocols, ", ");
+ protocolString = joinStrings(protocols, subProtocolSeperator());
}
m_channel->connect(m_url, protocolString);
Modified: trunk/Source/WebCore/Modules/websockets/WebSocket.h (112498 => 112499)
--- trunk/Source/WebCore/Modules/websockets/WebSocket.h 2012-03-29 04:08:27 UTC (rev 112498)
+++ trunk/Source/WebCore/Modules/websockets/WebSocket.h 2012-03-29 04:22:12 UTC (rev 112499)
@@ -53,6 +53,7 @@
public:
static void setIsAvailable(bool);
static bool isAvailable();
+ static const char* subProtocolSeperator();
static PassRefPtr<WebSocket> create(ScriptExecutionContext*);
virtual ~WebSocket();
Modified: trunk/Source/WebCore/Modules/websockets/WebSocketHandshake.cpp (112498 => 112499)
--- trunk/Source/WebCore/Modules/websockets/WebSocketHandshake.cpp 2012-03-29 04:08:27 UTC (rev 112498)
+++ trunk/Source/WebCore/Modules/websockets/WebSocketHandshake.cpp 2012-03-29 04:22:12 UTC (rev 112499)
@@ -34,6 +34,7 @@
#if ENABLE(WEB_SOCKETS)
#include "WebSocketHandshake.h"
+#include "WebSocket.h"
#include "Base64.h"
#include "Cookie.h"
@@ -727,6 +728,18 @@
m_failureReason = "Error during WebSocket handshake: Sec-WebSocket-Accept mismatch";
return false;
}
+ if (!serverWebSocketProtocol.isNull()) {
+ if (m_clientProtocol.isEmpty()) {
+ m_failureReason = "Error during WebSocket handshake: Sec-WebSocket-Protocol mismatch";
+ return false;
+ }
+ Vector<String> result;
+ m_clientProtocol.split(String(WebSocket::subProtocolSeperator()), result);
+ if (!result.contains(serverWebSocketProtocol)) {
+ m_failureReason = "Error during WebSocket handshake: Sec-WebSocket-Protocol mismatch";
+ return false;
+ }
+ }
}
return true;
}
