Do not allow duplicate headers in handshake

This commit is contained in:
Gary Burd 2015-11-02 08:39:02 -08:00
parent 044091b51d
commit a4e0143e1f
2 changed files with 28 additions and 2 deletions

View File

@ -197,11 +197,18 @@ func (d *Dialer) Dial(urlStr string, requestHeader http.Header) (*Conn, *http.Re
req.Header["Sec-WebSocket-Protocol"] = []string{strings.Join(d.Subprotocols, ", ")} req.Header["Sec-WebSocket-Protocol"] = []string{strings.Join(d.Subprotocols, ", ")}
} }
for k, vs := range requestHeader { for k, vs := range requestHeader {
if k == "Host" { switch {
case k == "Host":
if len(vs) > 0 { if len(vs) > 0 {
req.Host = vs[0] req.Host = vs[0]
} }
} else { case k == "Upgrade" ||
k == "Connection" ||
k == "Sec-Websocket-Key" ||
k == "Sec-Websocket-Version" ||
(k == "Sec-Websocket-Protocol" && len(d.Subprotocols) > 0):
return nil, nil, errors.New("websocket: duplicate header not allowed: " + k)
default:
req.Header[k] = vs req.Header[k] = vs
} }
} }

View File

@ -268,6 +268,25 @@ func TestDialBadOrigin(t *testing.T) {
} }
} }
func TestDialBadHeader(t *testing.T) {
s := newServer(t)
defer s.Close()
for _, k := range []string{"Upgrade",
"Connection",
"Sec-Websocket-Key",
"Sec-Websocket-Version",
"Sec-Websocket-Protocol"} {
h := http.Header{}
h.Set(k, "bad")
ws, _, err := cstDialer.Dial(s.URL, http.Header{"Origin": {"bad"}})
if err == nil {
ws.Close()
t.Errorf("Dial with header %s returned nil", k)
}
}
}
func TestHandshake(t *testing.T) { func TestHandshake(t *testing.T) {
s := newServer(t) s := newServer(t)
defer s.Close() defer s.Close()