Skip to content

Commit

Permalink
Issue eclipse-ee4j#2215 Fix invalid Origin header sent by client for …
Browse files Browse the repository at this point in the history
…non-SSL WebSocket connections
  • Loading branch information
cgdrake committed Jan 7, 2025
1 parent 3c496cf commit 2aee7c0
Show file tree
Hide file tree
Showing 2 changed files with 41 additions and 3 deletions.
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2020 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2025 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
Expand Down Expand Up @@ -64,7 +64,7 @@ public HandShake(URI url) {
resourcePath += "?" + url.getQuery();
}
serverHostName = url.getHost();
secure = "wss://".equals(url.getScheme());
secure = "wss".equals(url.getScheme());
port = url.getPort();

final StringBuilder sb = new StringBuilder(32).append(getScheme()).append("://").append(url.getHost());
Expand Down Expand Up @@ -385,6 +385,6 @@ private StringBuilder appendPort(StringBuilder builder) {
}

private String getScheme() {
return isSecure() ? "ws" : "wss";
return isSecure() ? "wss" : "ws";
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
package org.glassfish.grizzly.websockets;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.logging.Logger;

import org.glassfish.grizzly.websockets.rfc6455.RFC6455HandShake;
import org.junit.Test;

public class HandShakeTest {
private static final Logger LOGGER = Logger.getLogger("HandShakeTest");
private static String SSL = "wss://localhost:8443";
private static String NON_SSL = "ws://localhost:8080";
private static String RESOURCE_PATH = "/websocket";

@Test
public void testOrigin() throws URISyntaxException {
// non-ssl
HandShake handshake = new RFC6455HandShake(new URI(NON_SSL + RESOURCE_PATH));
LOGGER.info("Handshake: isSecure=" + handshake.isSecure() + ", headers: " + handshake.composeHeaders().getHttpHeader());
assertEquals(NON_SSL, handshake.getOrigin());
assertFalse(handshake.isSecure());
assertEquals(NON_SSL + RESOURCE_PATH, handshake.getLocation());

// ssl
handshake = new RFC6455HandShake(new URI(SSL + RESOURCE_PATH));
LOGGER.info("Handshake: isSecure=" + handshake.isSecure() + ", headers: " + handshake.composeHeaders().getHttpHeader());
assertEquals(SSL, handshake.getOrigin());
assertTrue(handshake.isSecure());
assertEquals(SSL + RESOURCE_PATH, handshake.getLocation());


}
}

0 comments on commit 2aee7c0

Please sign in to comment.