| | | |
|---|---|---|
| author | David M. Lee <dlee@digium.com> | 2013-09-13 14:19:19 +0000 |
| committer | David M. Lee <dlee@digium.com> | 2013-09-13 14:19:19 +0000 |
| commit | f56796a5397cc818a5b151a27d808425589a123d | |
| tree | fe14b0b7084f2717cb2330ac745f4557a1aee131 /res/res_http_websocket.c | |
| parent | 0ffcd11380b1c966ee26b5ea2c319e023bc0cd7f | |
ARI: Fix WebSocket response when subprotocol isn't specified

When I moved the ARI WebSocket from /ws to /ari/events, I added code to
allow a WebSocket to connect without specifying the subprotocol if
there's only one subprotocol handler registered for the WebSocket.

Naively, I coded it to always respond with the subprotocol in use.
Unfortunately, according to RFC 6455, if the server's response includes
a subprotocol header field that "indicates the use of a subprotocol that
was not present in the client's handshake [...], the client MUST _Fail
the WebSocket Connection_.", emphasis theirs.

This patch correctly omits the Sec-WebSocket-Protocol if one is not
specified by the client.

(closes issue ASTERISK-22441)
Review: https://reviewboard.asterisk.org/r/2828/
........

Merged revisions 399039 from http://svn.asterisk.org/svn/asterisk/branches/12

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@399042 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'res/res_http_websocket.c')
-rw-r--r-- | res/res_http_websocket.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c index b03745e6f..66a6edef1 100644 --- a/res/res_http_websocket.c +++ b/res/res_http_websocket.c @@ -645,11 +645,25 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan fprintf(ser->f, "HTTP/1.1 101 Switching Protocols\r\n" "Upgrade: %s\r\n" "Connection: Upgrade\r\n" - "Sec-WebSocket-Accept: %s\r\n" - "Sec-WebSocket-Protocol: %s\r\n\r\n", + "Sec-WebSocket-Accept: %s\r\n", upgrade, - base64, - protocol_handler->name); + base64); + + /* RFC 6455, Section 4.1: + * + * 6. If the response includes a |Sec-WebSocket-Protocol| header + * field and this header field indicates the use of a + * subprotocol that was not present in the client's handshake + * (the server has indicated a subprotocol not requested by + * the client), the client MUST _Fail the WebSocket + * Connection_. + */ + if (protocol) { + fprintf(ser->f, "Sec-WebSocket-Protocol: %s\r\n", + protocol); + } + + fprintf(ser->f, "\r\n"); } else { /* Specification defined in http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-75 or completely unknown */ |
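Review bot: In the new `if (protocol)` block, the value written to `Sec-WebSocket-Protocol` changes from `protocol_handler->name` to `protocol`, and the hunk does not show where `protocol` is set or how it is validated. If it holds the string taken from the client's handshake, the 101 response now echoes request-derived bytes instead of the server's registered name, so any stray whitespace, case difference or control character in that string would end up in the response headers. Keeping `protocol_handler->name` as the `fprintf` argument inside the `if (protocol)` guard would still omit the header when the client sent none, while emitting only the registered name. The guard also tests only for a non-NULL pointer, so an empty string would still produce an empty `Sec-WebSocket-Protocol:` line; a zero-length check on `protocol` would cover that case.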