Honor existing Origin header when using WebSockets, otherwise use sec…

…… …ured scheme for wss, close #1448 Motivation: When performing initial WebSocket HTTP request, we force Origin header. This is wrong, as Origin might use a different domain than WebSocket url. Also, when computing default Origin, it would make sense to use a secure scheme when using secured sockets. Modifications: * Don’t override existing Origin header * Use https for wss Result: It’s now possible to set Origin on a different domain. Better default
AsyncHttpClient · Aug 4, 2017 · 4e49e69 · 4e49e69
1 parent 2b68960
commit 4e49e69
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestFactory.java b/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestFactory.java
@@ -196,10 +196,15 @@ public NettyRequest newNettyRequest(Request request, boolean forceConnect, Proxy
         if (!connect && uri.isWebSocket()) {
             headers.set(HttpHeaders.Names.UPGRADE, HttpHeaders.Values.WEBSOCKET)//
                     .set(CONNECTION, HttpHeaders.Values.UPGRADE)//
-                    .set(ORIGIN, "http://" + uri.getHost() + ":" + uri.getExplicitPort())//
                     .set(SEC_WEBSOCKET_KEY, getKey())//
                     .set(SEC_WEBSOCKET_VERSION, "13");
 
+            if (!headers.contains(ORIGIN)) {
+                String scheme = uri.isSecured() ? "https://" : "http://";
+                String origin = scheme + uri.getHost() + ":" + uri.getExplicitPort();
+                headers.set(ORIGIN, origin);
+            }
+
         } else if (!headers.contains(CONNECTION)) {
             String connectionHeaderValue = connectionHeader(config.isKeepAlive(), httpVersion);
             if (connectionHeaderValue != null)