Description
What version of Go are you using (go version
)?
go version go1.7.4 linux/amd64
What operating system and processor architecture are you using (go env
)?
GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/shosti/go"
GORACE=""
GOROOT="/usr/lib/go"
GOTOOLDIR="/usr/lib/go/pkg/tool/linux_amd64"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build649225145=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"
What did you do?
Minimal reproduction: https://play.golang.org/p/jMuUMK5TDL
What did you expect to see?
According to RFC 6455, headers for WebSocket upgrades are capitalized as Sec-WebSocket-*
(e.g. Sec-WebSocket-Key
). CanonicalHeaderKey
should canonicalize those headers to be compliant with the spec.
What did you see instead?
CanonicalizeHeaderKey
returns header keys capitalized as Sec-Websocket-*
(without the uppercase S
in Socket
).
While this may not seem like a big deal, I've encountered real-world servers that rely on the correct capitalization (obviously not a good idea). It's especially problematic because all HTTP request parsing canonicalizes the header keys. This has led to some pretty severe issues with a proxy server I had running in production that had to forward WebSocket requests to arbitrary servers.