From a24d724cef1827851689d59292c9d7a699ffd134 Mon Sep 17 00:00:00 2001 From: Ryan Schmukler Date: Thu, 30 Nov 2023 17:42:11 -0600 Subject: [PATCH] Fix websocket multi-value connection upgrades Fix an issue where browsers could send Keep-Alive and Upgrade in the same request causing upgrade-request? to return false. --- ring-core/src/ring/websocket.clj | 8 +++++--- ring-core/test/ring/test/websocket.clj | 8 ++++++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/ring-core/src/ring/websocket.clj b/ring-core/src/ring/websocket.clj index 994649ad..61a19ba2 100644 --- a/ring-core/src/ring/websocket.clj +++ b/ring-core/src/ring/websocket.clj @@ -66,9 +66,11 @@ (defn upgrade-request? "Returns true if the request map is a websocket upgrade request." [request] - (let [headers (:headers request)] - (and (.equalsIgnoreCase "upgrade" (get headers "connection")) - (.equalsIgnoreCase "websocket" (get headers "upgrade"))))) + (let [{{:strs [connection upgrade]} :headers} request] + (and upgrade + connection + (re-find #"\b(?i)upgrade\b" connection) + (.equalsIgnoreCase "websocket" upgrade)))) (defn websocket-response? "Returns true if the response contains a websocket listener." diff --git a/ring-core/test/ring/test/websocket.clj b/ring-core/test/ring/test/websocket.clj index 7a0fc01c..b36571fc 100644 --- a/ring-core/test/ring/test/websocket.clj +++ b/ring-core/test/ring/test/websocket.clj @@ -3,6 +3,14 @@ [ring.websocket :as ws] [ring.websocket.protocols :as wsp])) + +(deftest test-upgrade-request? + (is (not (ws/upgrade-request? {}))) + (is (ws/upgrade-request? {:headers {"connection" "Upgrade" + "upgrade" "websocket"}})) + (is (ws/upgrade-request? {:headers {"connection" "keep-alive, Upgrade" + "upgrade" "websocket"}}))) + (deftest test-request-protocols (is (empty? (ws/request-protocols {:headers {}}))) (is (= ["mqtt"]