Google Git
Sign in
chromium / external / github.com / gorilla / websocket / 873e67e4d598af0769fdf077ff074dfe82add46a
commit873e67e4d598af0769fdf077ff074dfe82add46a[log] [tgz]
authorRan Benita <ran@unusedvar.com>Thu Aug 20 13:43:18 2020
committerGitHub <noreply@github.com>Thu Aug 20 13:43:18 2020
treede4405e90b486c228059efa40e1bcafd10192824
parentb65e62901fc1c0d968042419e74789f6af455eb9 [diff]
Fix how the client checks for presence of Upgrade: websocket, Connection: upgrade (#604)

The values of the `Upgrade` and `Connection` response headers can
contain multiple tokens, for example

    Connection: upgrade, keep-alive

The WebSocket RFC describes the checking of these as follows:

   2.  If the response lacks an |Upgrade| header field or the |Upgrade|
       header field contains a value that is not an ASCII case-
       insensitive match for the value "websocket", the client MUST
       _Fail the WebSocket Connection_.

   3.  If the response lacks a |Connection| header field or the
       |Connection| header field doesn't contain a token that is an
       ASCII case-insensitive match for the value "Upgrade", the client
       MUST _Fail the WebSocket Connection_.

It is careful to note "contains a value", "contains a token".

Previously, the client would reject with "bad handshake" if the header
doesn't contain exactly the value it looks for.

Change the checks to use `tokenListContainsValue` instead, which is
incidentally what the server is already doing for similar checks.
2 files changed
tree: de4405e90b486c228059efa40e1bcafd10192824
  1. .circleci/
  2. .github/
  3. examples/
  4. .gitignore
  5. AUTHORS
  6. client.go
  7. client_clone.go
  8. client_clone_legacy.go
  9. client_server_test.go
  10. client_test.go
  11. compression.go
  12. compression_test.go
  13. conn.go
  14. conn_broadcast_test.go
  15. conn_test.go
  16. conn_write.go
  17. conn_write_legacy.go
  18. doc.go
  19. example_test.go
  20. go.mod
  21. go.sum
  22. join.go
  23. join_test.go
  24. json.go
  25. json_test.go
  26. LICENSE
  27. mask.go
  28. mask_safe.go
  29. mask_test.go
  30. prepared.go
  31. prepared_test.go
  32. proxy.go
  33. README.md
  34. server.go
  35. server_test.go
  36. trace.go
  37. trace_17.go
  38. util.go
  39. util_test.go
  40. x_net_proxy.go
README.md

Gorilla WebSocket

GoDoc CircleCI

Gorilla WebSocket is a Go implementation of the WebSocket protocol.

Documentation

Status

The Gorilla WebSocket package provides a complete and tested implementation of the WebSocket protocol. The package API is stable.

Installation

go get github.com/gorilla/websocket

Protocol Compliance

The Gorilla WebSocket package passes the server tests in the Autobahn Test Suite using the application in the examples/autobahn subdirectory.

Gorilla WebSocket compared with other packages

Notes:

  1. Large messages are fragmented in Chrome's new WebSocket implementation.
  2. The application can get the type of a received data message by implementing a Codec marshal function.
  3. The go.net io.Reader and io.Writer operate across WebSocket frame boundaries. Read returns when the input buffer is full or a frame boundary is encountered. Each call to Write sends a single frame message. The Gorilla io.Reader and io.WriteCloser operate on a single WebSocket message.