Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WebSocketClientHandshaker13 Invalid Handshake #9134

Closed
davydotcom opened this issue May 7, 2019 · 5 comments · Fixed by #9312

Comments

@davydotcom
Copy link

commented May 7, 2019

Expected behavior

Origin Header should be sent on handshake

Actual behavior

Sec-WebSocket-Origin Header is sent instead which is not a client handshake but rather a server to client origin handshake per the Specification

@normanmaurer

This comment has been minimized.

Copy link
Member

commented May 8, 2019

@davydotcom do you have a reproducer ?

@davydotcom

This comment has been minimized.

Copy link
Author

commented May 8, 2019

@normanmaurer

This comment has been minimized.

Copy link
Member

commented May 8, 2019

davydotcom added a commit to davydotcom/netty that referenced this issue May 8, 2019
Removes Sec-WebSocket-Origin From Websocket HS
Sec-WebSocket-Origin is a Server to Client handshake not a Client to Server handshake header per the websocket RFC specification. This Resolves Issue netty#9134
normanmaurer added a commit that referenced this issue Jul 12, 2019
Fixed incorrect Sec-WebSocket-Origin header for v13, see #9134 (#9312)
Motivation:

Based on https://tools.ietf.org/html/rfc6455#section-1.3 - for non-browser
clients, Origin header field may be sent if it makes sense in the context of those clients.

Modification:

Replace Sec-WebSocket-Origin to Origin

Result:

Fixes #9134 .

@normanmaurer normanmaurer added this to the 4.1.38.Final milestone Jul 12, 2019

normanmaurer added a commit that referenced this issue Jul 12, 2019
Fixed incorrect Sec-WebSocket-Origin header for v13, see #9134 (#9312)
Motivation:

Based on https://tools.ietf.org/html/rfc6455#section-1.3 - for non-browser
clients, Origin header field may be sent if it makes sense in the context of those clients.

Modification:

Replace Sec-WebSocket-Origin to Origin

Result:

Fixes #9134 .
@marci74

This comment has been minimized.

Copy link

commented Aug 8, 2019

We use Netty through Vert.x for a proxy application. For some of our websocket tests we modify the "origin" header of the client requests. This does not work anymore due to the changes here. Also we need to pass the "origin" header downstream. This is not possible anymore and we are stuck here. Maybe you can change the behaviour and set the "origin" header only if it is not already present?

@marci74

This comment has been minimized.

Copy link

commented Aug 8, 2019

Resolved in #9435. Sorry for the duplicate comment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.