-
-
Notifications
You must be signed in to change notification settings - Fork 15.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix generating the Origin
header value for websocket handshake request
#12941
Fix generating the Origin
header value for websocket handshake request
#12941
Conversation
@normanmaurer , @chrisvest, @vietj , @slandelle, @ursaj Could you please take a look. |
One fixes the NPE by turning origin header generation off? |
looks good |
Added a comment to the issue #12933 how they are related. |
…est only if it enabled.
efecda2
to
44bd9da
Compare
@normanmaurer, @vietj, @slandelle Could you please review this changes, i would like to know your thoughts. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just some comments related to the test-code. PTAL
...http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshakerTest.java
Outdated
Show resolved
Hide resolved
...http/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshakerTest.java
Outdated
Show resolved
Hide resolved
@amizurov thanks a lot! |
…est (#12941) Motivation: We have the old erroneous behavior of generating the `Origin| Sec-WebSocket-Origin` for client websocket handshake request (#9673). In Netty5 this fixed and auto-generation has been deleted at all, only if the client passed the `Origin` header via custom headers. The same we can do for Netty4 but it could potentially break some clients (unlikely), or introduce an additional parameter to disable or enable this behavior. Modification: Introduce new `generateOriginHeader` parameter in client config and generate the `Origin|Sec-WebSocket-Origin` header value only if it enabled. Add additional check for webSocketURI if it contains host or passed through `customHeaders` to prevent NPE in `newHandshakeRequest()`. Result: Fixes #9673 #12933 Co-authored-by: Norman Maurer <norman_maurer@apple.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. I'm fine with fixing a broken behavior at the cost of a breaking change.
Motivation:
We have the old erroneous behavior of generating the
Origin| Sec-WebSocket-Origin
for client websocket handshake request (#9673). In Netty5 this fixed and auto-generation has been deleted at all, only if the client passed theOrigin
header via custom headers. The same we can do for Netty4 but it could potentially break some clients (unlikely), or introduce an additional parameter to disable or enable this behavior.Modification:
Introduce new
generateOriginHeader
parameter in client config and generate theOrigin|Sec-WebSocket-Origin
header value only if it enabled. Add additional check for webSocketURI if it contains host or passed throughcustomHeaders
to prevent NPE innewHandshakeRequest()
.Result:
Fixes #9673 #12933