Validate websocket handshake response #410
Conversation
Codecov ReportBase: 79.32% // Head: 79.29% // Decreases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## on-second-thought #410 +/- ##
=====================================================
- Coverage 79.32% 79.29% -0.04%
=====================================================
Files 27 27
Lines 11786 11841 +55
=====================================================
+ Hits 9349 9389 +40
- Misses 2437 2452 +15
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
| /** | ||
| * Called repeatedly as payload data arrives. | ||
| * Required if `on_incoming_frame_begin` is set. | ||
| * Optional. |
There was a problem hiding this comment.
I don't know why I made these 3 callbacks have a weird "all or none" requirement.
Now they're just 3 independent callbacks, you can set any combination you want.
No reason this had to change, it was just weird and I was touching nearby code
| return AWS_OP_SUCCESS; | ||
| } | ||
| if (websocket->on_incoming_frame_payload) { | ||
| if (!websocket->on_incoming_frame_payload( |
There was a problem hiding this comment.
really minor: does it have to be 2 ifs? if (cb && !cb(...)) seems like a common pattern
There was a problem hiding this comment.
looks like the old code was exiting early if no callback was defined and now we are updating window and doing other things. was it a bug in old code?
There was a problem hiding this comment.
All the callbacks in this file are invoked with 2 ifs: one to check whether to invoke the callback, and the next to invoke it and see if it fails
I think it's easier to read
graebm
force-pushed
the
websocket-validation
branch
from
3317097 to
72dae35
Compare
graebm
force-pushed
the
websocket-validation
branch
from
f9d6eb6 to
c8e71eb
Compare
graebm
force-pushed
the
websocket-validation
branch
from
925775c to
31a40b6
Compare
This continues #410 ... This adds the last 2 validation steps specified in [RFC-6455 Section 4.1](https://www.rfc-editor.org/rfc/rfc6455#section-4.1): checking the "Sec-WebSocket-Extensions" and "Sec-WebSocket-Protocol" headers
4 participants
Issue:
The websocket client did not fully validate the server's response, as specified in RFC-6455 Section 4.1
The client was doing 1/6 required steps (checking the status-code, but not checking any headers)
Description of changes:
Validate the "Upgrade", "Connection", and "Sec-WebSocket-Accept" headers.
Now we're doing 4/6 required steps. Still need to check "Sec-WebSocket-Extensions" and "Sec-WebSocket-Protocol". That will be in a followup PR.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.