Description: |
Requests were being (incorrectly) processed without checking
whether they include the Upgrade and Connect headers. The
following patch solves the issue.
commit 559a6dbc8a2bad39a3363d994237cc92
Author: Adrián Medraño Calvo <[email protected]>
Date: Thu Apr 16 10:10:35 2015 +0200
[ws]: Ensure WebSocket headers are present
Requests were (incorrectly) processed without checking whether
they include the Upgrade and Connect headers. The following
patch solves the issue.
diff --git a/src/websocket.tcl b/src/websocket.tcl
index 6d60537..a9e0624 100644
--- a/src/websocket.tcl
+++ b/src/websocket.tcl
@@ -431,8 +431,17 @@
}
dict lappend res protocols {*}$protocols;
}
+ default {
+ # Ignore other headers.
+ }
}
}
+ if {!$upgrading} {
+ ThrowError "No 'Connect' header with 'upgrade' token found" HANDSHAKE CONNECTION
+ }
+ if {!$websocket} {
+ ThrowError "No 'Upgrade' header with 'websocket' token found" HANDSHAKE UPGRADE
+ }
if {![dict exists $res version]} {
ThrowError "No WebSocket version specified" HANDSHAKE VERSION
}
|