Don't force explicit port when computing Origin header, close #1449

Motivation: We force explicit port when computing Origin header. We should do so when port is the default scheme’s one. Modification: Only set port when it’s different from the scheme’s default one Result: Valid Origin header
AsyncHttpClient · Aug 4, 2017 · 39268ff · 39268ff
1 parent 4e49e69
commit 39268ff
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 3 deletions.
diff --git a/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestFactory.java b/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestFactory.java
@@ -200,9 +200,7 @@ public NettyRequest newNettyRequest(Request request, boolean forceConnect, Proxy
                     .set(SEC_WEBSOCKET_VERSION, "13");
 
             if (!headers.contains(ORIGIN)) {
-                String scheme = uri.isSecured() ? "https://" : "http://";
-                String origin = scheme + uri.getHost() + ":" + uri.getExplicitPort();
-                headers.set(ORIGIN, origin);
+                headers.set(ORIGIN, computeOriginHeader(uri));
             }
 
         } else if (!headers.contains(CONNECTION)) {

diff --git a/client/src/main/java/org/asynchttpclient/util/HttpUtils.java b/client/src/main/java/org/asynchttpclient/util/HttpUtils.java
@@ -129,4 +129,13 @@ public static String hostHeader(Request request, Uri uri) {
             return port == -1 || port == uri.getSchemeDefaultPort() ? host : host + ":" + port;
         }
     }
+
+    public static String computeOriginHeader(Uri uri) {
+        StringBuilder sb = StringBuilderPool.DEFAULT.stringBuilder();
+        sb.append(uri.isSecured() ? "https://" : "http://").append(uri.getHost());
+        if (uri.getExplicitPort() != uri.getSchemeDefaultPort()) {
+            sb.append(':').append(uri.getPort());
+        }
+        return sb.toString();
+    }
 }
diff --git a/client/src/test/java/org/asynchttpclient/util/HttpUtilsTest.java b/client/src/test/java/org/asynchttpclient/util/HttpUtilsTest.java
@@ -199,4 +199,34 @@ private static String toUsAsciiString(ByteBuffer buf) throws CharacterCodingExce
             bb.release();
         }
     }
+
+    @Test
+    public void computeOriginForPlainUriWithImplicitPort() {
+        assertEquals(HttpUtils.computeOriginHeader(Uri.create("ws://foo.com/bar")), "http://foo.com");
+    }
+
+    @Test
+    public void computeOriginForPlainUriWithDefaultPort() {
+        assertEquals(HttpUtils.computeOriginHeader(Uri.create("ws://foo.com:80/bar")), "http://foo.com");
+    }
+
+    @Test
+    public void computeOriginForPlainUriWithNonDefaultPort() {
+        assertEquals(HttpUtils.computeOriginHeader(Uri.create("ws://foo.com:81/bar")), "http://foo.com:81");
+    }
+
+    @Test
+    public void computeOriginForSecuredUriWithImplicitPort() {
+        assertEquals(HttpUtils.computeOriginHeader(Uri.create("wss://foo.com/bar")), "https://foo.com");
+    }
+
+    @Test
+    public void computeOriginForSecuredUriWithDefaultPort() {
+        assertEquals(HttpUtils.computeOriginHeader(Uri.create("wss://foo.com:443/bar")), "https://foo.com");
+    }
+
+    @Test
+    public void computeOriginForSecuredUriWithNonDefaultPort() {
+        assertEquals(HttpUtils.computeOriginHeader(Uri.create("wss://foo.com:444/bar")), "https://foo.com:444");
+    }
 }