bool WebSocketHandshake::checkResponseHeaders() { const String& serverWebSocketLocation = this->serverWebSocketLocation(); const String& serverWebSocketOrigin = this->serverWebSocketOrigin(); const String& serverWebSocketProtocol = this->serverWebSocketProtocol(); const String& serverUpgrade = this->serverUpgrade(); const String& serverConnection = this->serverConnection(); if (serverUpgrade.isNull()) { m_failureReason = "Error during WebSocket handshake: 'Upgrade' header is missing"; return false; } if (serverConnection.isNull()) { m_failureReason = "Error during WebSocket handshake: 'Connection' header is missing"; return false; } if (serverWebSocketOrigin.isNull()) { m_failureReason = "Error during WebSocket handshake: 'Sec-WebSocket-Origin' header is missing"; return false; } if (serverWebSocketLocation.isNull()) { m_failureReason = "Error during WebSocket handshake: 'Sec-WebSocket-Location' header is missing"; return false; } if (!equalIgnoringCase(serverUpgrade, "websocket")) { m_failureReason = "Error during WebSocket handshake: 'Upgrade' header value is not 'WebSocket'"; return false; } if (!equalIgnoringCase(serverConnection, "upgrade")) { m_failureReason = "Error during WebSocket handshake: 'Connection' header value is not 'Upgrade'"; return false; } if (clientOrigin() != serverWebSocketOrigin) { m_failureReason = "Error during WebSocket handshake: origin mismatch: " + clientOrigin() + " != " + serverWebSocketOrigin; return false; } if (clientLocation() != serverWebSocketLocation) { m_failureReason = "Error during WebSocket handshake: location mismatch: " + clientLocation() + " != " + serverWebSocketLocation; return false; } if (!m_clientProtocol.isEmpty() && m_clientProtocol != serverWebSocketProtocol) { m_failureReason = "Error during WebSocket handshake: protocol mismatch: " + m_clientProtocol + " != " + serverWebSocketProtocol; return false; } return true; }
PassRefPtr<WebSocketHandshakeRequest> WebSocketHandshake::clientHandshakeRequest() const { // Keep the following consistent with clientHandshakeMessage(). // FIXME: do we need to store m_secWebSocketKey1, m_secWebSocketKey2 and // m_key3 in WebSocketHandshakeRequest? RefPtr<WebSocketHandshakeRequest> request = WebSocketHandshakeRequest::create("GET", m_url); request->addHeaderField("Upgrade", "websocket"); request->addHeaderField("Connection", "Upgrade"); request->addHeaderField("Host", hostName(m_url, m_secure)); request->addHeaderField("Origin", clientOrigin()); if (!m_clientProtocol.isEmpty()) request->addHeaderField("Sec-WebSocket-Protocol", m_clientProtocol); KURL url = httpURLForAuthenticationAndCookies(); if (m_context->isDocument()) { Document* document = static_cast<Document*>(m_context); String cookie = cookieRequestHeaderFieldValue(document, url); if (!cookie.isEmpty()) request->addHeaderField("Cookie", cookie); // Set "Cookie2: <cookie>" if cookies 2 exists for url? } request->addHeaderField("Pragma", "no-cache"); request->addHeaderField("Cache-Control", "no-cache"); request->addHeaderField("Sec-WebSocket-Key", m_secWebSocketKey); request->addHeaderField("Sec-WebSocket-Version", "13"); const String extensionValue = m_extensionDispatcher.createHeaderValue(); if (extensionValue.length()) request->addHeaderField("Sec-WebSocket-Extensions", extensionValue); return request.release(); }
WebSocketHandshakeRequest WebSocketHandshake::clientHandshakeRequest() const { // Keep the following consistent with clientHandshakeMessage(). // FIXME: do we need to store m_secWebSocketKey1, m_secWebSocketKey2 and // m_key3 in WebSocketHandshakeRequest? WebSocketHandshakeRequest request("GET", m_url); request.addHeaderField("Upgrade", "WebSocket"); request.addHeaderField("Connection", "Upgrade"); request.addHeaderField("Host", hostName(m_url, m_secure)); request.addHeaderField("Origin", clientOrigin()); if (!m_clientProtocol.isEmpty()) request.addHeaderField("Sec-WebSocket-Protocol:", m_clientProtocol); KURL url = httpURLForAuthenticationAndCookies(); if (m_context->isDocument()) { Document* document = static_cast<Document*>(m_context); String cookie = cookieRequestHeaderFieldValue(document, url); if (!cookie.isEmpty()) request.addHeaderField("Cookie", cookie); // Set "Cookie2: <cookie>" if cookies 2 exists for url? } request.addHeaderField("Sec-WebSocket-Key1", m_secWebSocketKey1); request.addHeaderField("Sec-WebSocket-Key2", m_secWebSocketKey2); request.setKey3(m_key3); return request; }
ResourceRequest WebSocketHandshake::clientHandshakeRequest() const { // Keep the following consistent with clientHandshakeMessage(). ResourceRequest request(m_url); request.setHTTPMethod("GET"); request.setHTTPHeaderField(HTTPHeaderName::Connection, "Upgrade"); request.setHTTPHeaderField(HTTPHeaderName::Host, hostName(m_url, m_secure)); request.setHTTPHeaderField(HTTPHeaderName::Origin, clientOrigin()); if (!m_clientProtocol.isEmpty()) request.setHTTPHeaderField(HTTPHeaderName::SecWebSocketProtocol, m_clientProtocol); URL url = httpURLForAuthenticationAndCookies(); if (m_allowCookies && m_document) { String cookie = cookieRequestHeaderFieldValue(*m_document, url); if (!cookie.isEmpty()) request.setHTTPHeaderField(HTTPHeaderName::Cookie, cookie); } request.setHTTPHeaderField(HTTPHeaderName::Pragma, "no-cache"); request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "no-cache"); request.setHTTPHeaderField(HTTPHeaderName::SecWebSocketKey, m_secWebSocketKey); request.setHTTPHeaderField(HTTPHeaderName::SecWebSocketVersion, "13"); const String extensionValue = m_extensionDispatcher.createHeaderValue(); if (extensionValue.length()) request.setHTTPHeaderField(HTTPHeaderName::SecWebSocketExtensions, extensionValue); // Add a User-Agent header. request.setHTTPHeaderField(HTTPHeaderName::UserAgent, m_document->userAgent(m_document->url())); return request; }
void WebSocketHandshake::checkResponseHeaders() { ASSERT(m_mode == Normal); m_mode = Failed; if (m_wsOrigin.isNull()) { m_context->addMessage(ConsoleDestination, JSMessageSource, LogMessageType, ErrorMessageLevel, "Error during WebSocket handshake: 'websocket-origin' header is missing", 0, clientOrigin()); return; } if (m_wsLocation.isNull()) { m_context->addMessage(ConsoleDestination, JSMessageSource, LogMessageType, ErrorMessageLevel, "Error during WebSocket handshake: 'websocket-location' header is missing", 0, clientOrigin()); return; } if (clientOrigin() != m_wsOrigin) { m_context->addMessage(ConsoleDestination, JSMessageSource, LogMessageType, ErrorMessageLevel, "Error during WebSocket handshake: origin mismatch: " + clientOrigin() + " != " + m_wsOrigin, 0, clientOrigin()); return; } if (clientLocation() != m_wsLocation) { m_context->addMessage(ConsoleDestination, JSMessageSource, LogMessageType, ErrorMessageLevel, "Error during WebSocket handshake: location mismatch: " + clientLocation() + " != " + m_wsLocation, 0, clientOrigin()); return; } if (!m_clientProtocol.isEmpty() && m_clientProtocol != m_wsProtocol) { m_context->addMessage(ConsoleDestination, JSMessageSource, LogMessageType, ErrorMessageLevel, "Error during WebSocket handshake: protocol mismatch: " + m_clientProtocol + " != " + m_wsProtocol, 0, clientOrigin()); return; } m_mode = Connected; return; }
CString WebSocketHandshake::clientHandshakeMessage() const { // Keep the following consistent with clientHandshakeRequest(). StringBuilder builder; builder.append("GET "); builder.append(resourceName(m_url)); builder.append(" HTTP/1.1\r\n"); Vector<String> fields; fields.append("Upgrade: websocket"); fields.append("Connection: Upgrade"); fields.append("Host: " + hostName(m_url, m_secure)); fields.append("Origin: " + clientOrigin()); if (!m_clientProtocol.isEmpty()) fields.append("Sec-WebSocket-Protocol: " + m_clientProtocol); KURL url = httpURLForAuthenticationAndCookies(); if (m_context->isDocument()) { Document* document = toDocument(m_context); String cookie = cookieRequestHeaderFieldValue(document, url); if (!cookie.isEmpty()) fields.append("Cookie: " + cookie); // Set "Cookie2: <cookie>" if cookies 2 exists for url? } // Add no-cache headers to avoid compatibility issue. // There are some proxies that rewrite "Connection: upgrade" // to "Connection: close" in the response if a request doesn't contain // these headers. fields.append("Pragma: no-cache"); fields.append("Cache-Control: no-cache"); fields.append("Sec-WebSocket-Key: " + m_secWebSocketKey); fields.append("Sec-WebSocket-Version: 13"); const String extensionValue = m_extensionDispatcher.createHeaderValue(); if (extensionValue.length()) fields.append("Sec-WebSocket-Extensions: " + extensionValue); // Add a User-Agent header. fields.append("User-Agent: " + m_context->userAgent(m_context->url())); // Fields in the handshake are sent by the client in a random order; the // order is not meaningful. Thus, it's ok to send the order we constructed // the fields. for (size_t i = 0; i < fields.size(); i++) { builder.append(fields[i]); builder.append("\r\n"); } builder.append("\r\n"); return builder.toString().utf8(); }
bool WebSocketHandshake::checkResponseHeaders() { const String& serverWebSocketLocation = this->serverWebSocketLocation(); const String& serverWebSocketOrigin = this->serverWebSocketOrigin(); const String& serverWebSocketProtocol = this->serverWebSocketProtocol(); const String& serverUpgrade = this->serverUpgrade(); const String& serverConnection = this->serverConnection(); if (serverUpgrade.isNull()) { m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Error during WebSocket handshake: 'Upgrade' header is missing", 0, clientOrigin(), 0); return false; } if (serverConnection.isNull()) { m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Error during WebSocket handshake: 'Connection' header is missing", 0, clientOrigin(), 0); return false; } if (serverWebSocketOrigin.isNull()) { m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Error during WebSocket handshake: 'Sec-WebSocket-Origin' header is missing", 0, clientOrigin(), 0); return false; } if (serverWebSocketLocation.isNull()) { m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Error during WebSocket handshake: 'Sec-WebSocket-Location' header is missing", 0, clientOrigin(), 0); return false; } if (!equalIgnoringCase(serverUpgrade, "websocket")) { m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Error during WebSocket handshake: 'Upgrade' header value is not 'WebSocket'", 0, clientOrigin(), 0); return false; } if (!equalIgnoringCase(serverConnection, "upgrade")) { m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Error during WebSocket handshake: 'Connection' header value is not 'Upgrade'", 0, clientOrigin(), 0); return false; } if (clientOrigin() != serverWebSocketOrigin) { m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Error during WebSocket handshake: origin mismatch: " + clientOrigin() + " != " + serverWebSocketOrigin, 0, clientOrigin(), 0); return false; } if (clientLocation() != serverWebSocketLocation) { m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Error during WebSocket handshake: location mismatch: " + clientLocation() + " != " + serverWebSocketLocation, 0, clientOrigin(), 0); return false; } if (!m_clientProtocol.isEmpty() && m_clientProtocol != serverWebSocketProtocol) { m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Error during WebSocket handshake: protocol mismatch: " + m_clientProtocol + " != " + serverWebSocketProtocol, 0, clientOrigin(), 0); return false; } return true; }
WebSocketHandshakeRequest WebSocketHandshake::clientHandshakeRequest() const { // Keep the following consistent with clientHandshakeMessage(). WebSocketHandshakeRequest request(m_url, clientOrigin(), m_clientProtocol); KURL url = httpURLForAuthenticationAndCookies(); if (m_context->isDocument()) { Document* document = static_cast<Document*>(m_context); String cookie = cookieRequestHeaderFieldValue(document, url); if (!cookie.isEmpty()) request.addExtraHeaderField("Cookie", cookie); // Set "Cookie2: <cookie>" if cookies 2 exists for url? } return request; }
CString WebSocketHandshake::clientHandshakeMessage() const { // Keep the following consistent with clientHandshakeRequest(). StringBuilder builder; builder.append("GET "); builder.append(resourceName(m_url)); builder.append(" HTTP/1.1\r\n"); Vector<String> fields; fields.append("Upgrade: WebSocket"); fields.append("Connection: Upgrade"); fields.append("Host: " + hostName(m_url, m_secure)); fields.append("Origin: " + clientOrigin()); if (!m_clientProtocol.isEmpty()) fields.append("Sec-WebSocket-Protocol: " + m_clientProtocol); KURL url = httpURLForAuthenticationAndCookies(); if (m_context->isDocument()) { Document* document = static_cast<Document*>(m_context); String cookie = cookieRequestHeaderFieldValue(document, url); if (!cookie.isEmpty()) fields.append("Cookie: " + cookie); // Set "Cookie2: <cookie>" if cookies 2 exists for url? } fields.append("Sec-WebSocket-Key1: " + m_secWebSocketKey1); fields.append("Sec-WebSocket-Key2: " + m_secWebSocketKey2); // Fields in the handshake are sent by the client in a random order; the // order is not meaningful. Thus, it's ok to send the order we constructed // the fields. for (size_t i = 0; i < fields.size(); i++) { builder.append(fields[i]); builder.append("\r\n"); } builder.append("\r\n"); CString handshakeHeader = builder.toString().utf8(); char* characterBuffer = 0; CString msg = CString::newUninitialized(handshakeHeader.length() + sizeof(m_key3), characterBuffer); memcpy(characterBuffer, handshakeHeader.data(), handshakeHeader.length()); memcpy(characterBuffer + handshakeHeader.length(), m_key3, sizeof(m_key3)); return msg; }
CString WebSocketHandshake::clientHandshakeMessage() const { // Keep the following consistent with clientHandshakeRequest(). StringBuilder builder; builder.append("GET "); builder.append(resourceName(m_url)); builder.append(" HTTP/1.1\r\n"); Vector<String> fields; fields.append("Upgrade: websocket"); fields.append("Connection: Upgrade"); fields.append("Host: " + hostName(m_url, m_secure)); fields.append("Origin: " + clientOrigin()); if (!m_clientProtocol.isEmpty()) fields.append("Sec-WebSocket-Protocol: " + m_clientProtocol); KURL url = httpURLForAuthenticationAndCookies(); if (m_context->isDocument()) { Document* document = static_cast<Document*>(m_context); String cookie = cookieRequestHeaderFieldValue(document, url); if (!cookie.isEmpty()) fields.append("Cookie: " + cookie); // Set "Cookie2: <cookie>" if cookies 2 exists for url? } fields.append("Sec-WebSocket-Key: " + m_secWebSocketKey); fields.append("Sec-WebSocket-Version: 13"); const String extensionValue = m_extensionDispatcher.createHeaderValue(); if (extensionValue.length()) fields.append("Sec-WebSocket-Extensions: " + extensionValue); // Fields in the handshake are sent by the client in a random order; the // order is not meaningful. Thus, it's ok to send the order we constructed // the fields. for (size_t i = 0; i < fields.size(); i++) { builder.append(fields[i]); builder.append("\r\n"); } builder.append("\r\n"); return builder.toString().utf8(); }
CString WebSocketHandshake::clientHandshakeMessage() const { StringBuilder builder; builder.append("GET "); builder.append(resourceName(m_url)); builder.append(" HTTP/1.1\r\n"); builder.append("Upgrade: WebSocket\r\n"); builder.append("Connection: Upgrade\r\n"); builder.append("Host: "); builder.append(m_url.host().lower()); if (m_url.port()) { if ((!m_secure && m_url.port() != 80) || (m_secure && m_url.port() != 443)) { builder.append(":"); builder.append(String::number(m_url.port())); } } builder.append("\r\n"); builder.append("Origin: "); builder.append(clientOrigin()); builder.append("\r\n"); if (!m_clientProtocol.isEmpty()) { builder.append("WebSocket-Protocol: "); builder.append(m_clientProtocol); builder.append("\r\n"); } KURL url = httpURLForAuthenticationAndCookies(); // FIXME: set authentication information or cookies for url. // Set "Authorization: <credentials>" if authentication information exists for url. if (m_context->isDocument()) { Document* document = static_cast<Document*>(m_context); String cookie = cookieRequestHeaderFieldValue(document, url); if (!cookie.isEmpty()) { builder.append("Cookie: "); builder.append(cookie); builder.append("\r\n"); } // Set "Cookie2: <cookie>" if cookies 2 exists for url? } builder.append("\r\n"); return builder.toString().utf8(); }
WebSocketHandshakeRequest WebSocketHandshake::clientHandshakeRequest() const { // Keep the following consistent with clientHandshakeMessage(). // FIXME: do we need to store m_secWebSocketKey1, m_secWebSocketKey2 and // m_key3 in WebSocketHandshakeRequest? WebSocketHandshakeRequest request("GET", m_url); if (m_useHixie76Protocol) request.addHeaderField("Upgrade", "WebSocket"); else request.addHeaderField("Upgrade", "websocket"); request.addHeaderField("Connection", "Upgrade"); request.addHeaderField("Host", hostName(m_url, m_secure)); request.addHeaderField("Origin", clientOrigin()); if (!m_clientProtocol.isEmpty()) request.addHeaderField("Sec-WebSocket-Protocol:", m_clientProtocol); KURL url = httpURLForAuthenticationAndCookies(); if (m_context->isDocument()) { Document* document = static_cast<Document*>(m_context); String cookie = cookieRequestHeaderFieldValue(document, url); if (!cookie.isEmpty()) request.addHeaderField("Cookie", cookie); // Set "Cookie2: <cookie>" if cookies 2 exists for url? } if (m_useHixie76Protocol) { request.addHeaderField("Sec-WebSocket-Key1", m_hixie76SecWebSocketKey1); request.addHeaderField("Sec-WebSocket-Key2", m_hixie76SecWebSocketKey2); request.setKey3(m_hixie76Key3); } else { request.addHeaderField("Sec-WebSocket-Key", m_secWebSocketKey); request.addHeaderField("Sec-WebSocket-Version", "13"); const String extensionValue = m_extensionDispatcher.createHeaderValue(); if (extensionValue.length()) request.addHeaderField("Sec-WebSocket-Extensions", extensionValue); } return request; }
ResourceRequest WebSocketHandshake::clientHandshakeRequest() const { // Keep the following consistent with clientHandshakeMessage(). // FIXME: do we need to store m_secWebSocketKey1, m_secWebSocketKey2 and // m_key3 in the request? ResourceRequest request(m_url); request.setHTTPMethod("GET"); request.addHTTPHeaderField("Connection", "Upgrade"); request.addHTTPHeaderField("Host", hostName(m_url, m_secure)); request.addHTTPHeaderField("Origin", clientOrigin()); if (!m_clientProtocol.isEmpty()) request.addHTTPHeaderField("Sec-WebSocket-Protocol", m_clientProtocol); KURL url = httpURLForAuthenticationAndCookies(); if (m_context->isDocument()) { Document* document = toDocument(m_context); String cookie = cookieRequestHeaderFieldValue(document, url); if (!cookie.isEmpty()) request.addHTTPHeaderField("Cookie", cookie); // Set "Cookie2: <cookie>" if cookies 2 exists for url? } request.addHTTPHeaderField("Pragma", "no-cache"); request.addHTTPHeaderField("Cache-Control", "no-cache"); request.addHTTPHeaderField("Sec-WebSocket-Key", m_secWebSocketKey); request.addHTTPHeaderField("Sec-WebSocket-Version", "13"); const String extensionValue = m_extensionDispatcher.createHeaderValue(); if (extensionValue.length()) request.addHTTPHeaderField("Sec-WebSocket-Extensions", extensionValue); // Add a User-Agent header. request.addHTTPHeaderField("User-Agent", m_context->userAgent(m_context->url())); return request; }
CString WebSocketHandshake::clientHandshakeMessage() const { // Keep the following consistent with clientHandshakeRequest(). StringBuilder builder; builder.append("GET "); builder.append(resourceName(m_url)); builder.append(" HTTP/1.1\r\n"); Vector<String> fields; if (m_useHixie76Protocol) fields.append("Upgrade: WebSocket"); else fields.append("Upgrade: websocket"); fields.append("Connection: Upgrade"); fields.append("Host: " + hostName(m_url, m_secure)); fields.append("Origin: " + clientOrigin()); if (!m_clientProtocol.isEmpty()) fields.append("Sec-WebSocket-Protocol: " + m_clientProtocol); KURL url = httpURLForAuthenticationAndCookies(); if (m_context->isDocument()) { Document* document = static_cast<Document*>(m_context); String cookie = cookieRequestHeaderFieldValue(document, url); if (!cookie.isEmpty()) fields.append("Cookie: " + cookie); // Set "Cookie2: <cookie>" if cookies 2 exists for url? } if (m_useHixie76Protocol) { fields.append("Sec-WebSocket-Key1: " + m_hixie76SecWebSocketKey1); fields.append("Sec-WebSocket-Key2: " + m_hixie76SecWebSocketKey2); } else { fields.append("Sec-WebSocket-Key: " + m_secWebSocketKey); fields.append("Sec-WebSocket-Version: 13"); const String extensionValue = m_extensionDispatcher.createHeaderValue(); if (extensionValue.length()) fields.append("Sec-WebSocket-Extensions: " + extensionValue); } // Fields in the handshake are sent by the client in a random order; the // order is not meaningful. Thus, it's ok to send the order we constructed // the fields. for (size_t i = 0; i < fields.size(); i++) { builder.append(fields[i]); builder.append("\r\n"); } builder.append("\r\n"); CString handshakeHeader = builder.toString().utf8(); // Hybi-10 handshake is complete at this point. if (!m_useHixie76Protocol) return handshakeHeader; // Hixie-76 protocol requires sending eight-byte data (so-called "key3") after the request header fields. char* characterBuffer = 0; CString msg = CString::newUninitialized(handshakeHeader.length() + sizeof(m_hixie76Key3), characterBuffer); memcpy(characterBuffer, handshakeHeader.data(), handshakeHeader.length()); memcpy(characterBuffer + handshakeHeader.length(), m_hixie76Key3, sizeof(m_hixie76Key3)); return msg; }
const char* WebSocketHandshake::readHTTPHeaders(const char* start, const char* end) { m_response.clearHeaderFields(); Vector<char> name; Vector<char> value; for (const char* p = start; p < end; p++) { name.clear(); value.clear(); for (; p < end; p++) { switch (*p) { case '\r': if (name.isEmpty()) { if (p + 1 < end && *(p + 1) == '\n') return p + 2; m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "CR doesn't follow LF at " + trimConsoleMessage(p, end - p), 0, clientOrigin(), 0); return 0; } m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Unexpected CR in name at " + trimConsoleMessage(name.data(), name.size()), 0, clientOrigin(), 0); return 0; case '\n': m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Unexpected LF in name at " + trimConsoleMessage(name.data(), name.size()), 0, clientOrigin(), 0); return 0; case ':': break; default: name.append(*p); continue; } if (*p == ':') { ++p; break; } } for (; p < end && *p == 0x20; p++) { } for (; p < end; p++) { switch (*p) { case '\r': break; case '\n': m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Unexpected LF in value at " + trimConsoleMessage(value.data(), value.size()), 0, clientOrigin(), 0); return 0; default: value.append(*p); } if (*p == '\r') { ++p; break; } } if (p >= end || *p != '\n') { m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "CR doesn't follow LF after value at " + trimConsoleMessage(p, end - p), 0, clientOrigin(), 0); return 0; } AtomicString nameStr = AtomicString::fromUTF8(name.data(), name.size()); String valueStr = String::fromUTF8(value.data(), value.size()); if (nameStr.isNull()) { m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "invalid UTF-8 sequence in header name", 0, clientOrigin(), 0); return 0; } if (valueStr.isNull()) { m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "invalid UTF-8 sequence in header value", 0, clientOrigin(), 0); return 0; } LOG(Network, "name=%s value=%s", nameStr.string().utf8().data(), valueStr.utf8().data()); m_response.addHeaderField(nameStr, valueStr); } ASSERT_NOT_REACHED(); return 0; }
// Returns the header length (including "\r\n"), or -1 if we have not received enough data yet. // If the line is malformed or the status code is not a 3-digit number, // statusCode and statusText will be set to -1 and a null string, respectively. int WebSocketHandshake::readStatusLine(const char* header, size_t headerLength, int& statusCode, String& statusText) { // Arbitrary size limit to prevent the server from sending an unbounded // amount of data with no newlines and forcing us to buffer it all. static const int maximumLength = 1024; statusCode = -1; statusText = String(); const char* space1 = 0; const char* space2 = 0; const char* p; size_t consumedLength; for (p = header, consumedLength = 0; consumedLength < headerLength; p++, consumedLength++) { if (*p == ' ') { if (!space1) space1 = p; else if (!space2) space2 = p; } else if (*p == '\0') { // The caller isn't prepared to deal with null bytes in status // line. WebSockets specification doesn't prohibit this, but HTTP // does, so we'll just treat this as an error. m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Status line contains embedded null", 0, clientOrigin(), 0); return p + 1 - header; } else if (*p == '\n') break; } if (consumedLength == headerLength) return -1; // We have not received '\n' yet. const char* end = p + 1; int lineLength = end - header; if (lineLength > maximumLength) { m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Status line is too long", 0, clientOrigin(), 0); return maximumLength; } // The line must end with "\r\n". if (lineLength < 2 || *(end - 2) != '\r') { m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Status line does not end with CRLF", 0, clientOrigin(), 0); return lineLength; } if (!space1 || !space2) { m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "No response code found: " + trimConsoleMessage(header, lineLength - 2), 0, clientOrigin(), 0); return lineLength; } String statusCodeString(space1 + 1, space2 - space1 - 1); if (statusCodeString.length() != 3) // Status code must consist of three digits. return lineLength; for (int i = 0; i < 3; ++i) if (statusCodeString[i] < '0' || statusCodeString[i] > '9') { m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Invalid status code: " + statusCodeString, 0, clientOrigin(), 0); return lineLength; } bool ok = false; statusCode = statusCodeString.toInt(&ok); ASSERT(ok); statusText = String(space2 + 1, end - space2 - 3); // Exclude "\r\n". return lineLength; }
int WebSocketHandshake::readServerHandshake(const char* header, size_t len) { m_mode = Incomplete; int statusCode; String statusText; int lineLength = readStatusLine(header, len, statusCode, statusText); if (lineLength == -1) return -1; if (statusCode == -1) { m_mode = Failed; return len; } LOG(Network, "response code: %d", statusCode); m_response.setStatusCode(statusCode); m_response.setStatusText(statusText); if (statusCode != 101) { m_mode = Failed; m_context->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, "Unexpected response code: " + String::number(statusCode), 0, clientOrigin(), 0); return len; } m_mode = Normal; if (!strnstr(header, "\r\n\r\n", len)) { // Just hasn't been received fully yet. m_mode = Incomplete; return -1; } const char* p = readHTTPHeaders(header + lineLength, header + len); if (!p) { LOG(Network, "readHTTPHeaders failed"); m_mode = Failed; return len; } if (!checkResponseHeaders()) { LOG(Network, "header process failed"); m_mode = Failed; return p - header; } if (len < static_cast<size_t>(p - header + sizeof(m_expectedChallengeResponse))) { // Just hasn't been received /expected/ yet. m_mode = Incomplete; return -1; } m_response.setChallengeResponse(static_cast<const unsigned char*>(static_cast<const void*>(p))); if (memcmp(p, m_expectedChallengeResponse, sizeof(m_expectedChallengeResponse))) { m_mode = Failed; return (p - header) + sizeof(m_expectedChallengeResponse); } m_mode = Connected; return (p - header) + sizeof(m_expectedChallengeResponse); }
int WebSocketHandshake::readServerHandshake(const char* header, size_t len) { m_mode = Incomplete; if (len < sizeof(webSocketServerHandshakeHeader) - 1) { // Just hasn't been received fully yet. return -1; } if (!memcmp(header, webSocketServerHandshakeHeader, sizeof(webSocketServerHandshakeHeader) - 1)) m_mode = Normal; else { const String& code = extractResponseCode(header, len); if (code.isNull()) { m_context->addMessage(ConsoleDestination, JSMessageSource, LogMessageType, ErrorMessageLevel, "Short server handshake: " + String(header, len), 0, clientOrigin()); return -1; } if (code.isEmpty()) { m_mode = Failed; m_context->addMessage(ConsoleDestination, JSMessageSource, LogMessageType, ErrorMessageLevel, "No response code found: " + String(header, len), 0, clientOrigin()); return len; } LOG(Network, "response code: %s", code.utf8().data()); if (code == "401") { m_mode = Failed; m_context->addMessage(ConsoleDestination, JSMessageSource, LogMessageType, ErrorMessageLevel, "Authentication required, but not implemented yet.", 0, clientOrigin()); return len; } else { m_mode = Failed; m_context->addMessage(ConsoleDestination, JSMessageSource, LogMessageType, ErrorMessageLevel, "Unexpected response code:" + code, 0, clientOrigin()); return len; } } const char* p = header + sizeof(webSocketServerHandshakeHeader) - 1; const char* end = header + len + 1; if (m_mode == Normal) { size_t headerSize = end - p; if (headerSize < sizeof(webSocketUpgradeHeader) - 1) { m_mode = Incomplete; return 0; } if (memcmp(p, webSocketUpgradeHeader, sizeof(webSocketUpgradeHeader) - 1)) { m_mode = Failed; m_context->addMessage(ConsoleDestination, JSMessageSource, LogMessageType, ErrorMessageLevel, "Bad Upgrade header: " + String(p, end - p), 0, clientOrigin()); return p - header + sizeof(webSocketUpgradeHeader) - 1; } p += sizeof(webSocketUpgradeHeader) - 1; headerSize = end - p; if (headerSize < sizeof(webSocketConnectionHeader) - 1) { m_mode = Incomplete; return -1; } if (memcmp(p, webSocketConnectionHeader, sizeof(webSocketConnectionHeader) - 1)) { m_mode = Failed; m_context->addMessage(ConsoleDestination, JSMessageSource, LogMessageType, ErrorMessageLevel, "Bad Connection header: " + String(p, end - p), 0, clientOrigin()); return p - header + sizeof(webSocketConnectionHeader) - 1; } p += sizeof(webSocketConnectionHeader) - 1; } if (!strnstr(p, "\r\n\r\n", end - p)) { // Just hasn't been received fully yet. m_mode = Incomplete; return -1; } HTTPHeaderMap headers; p = readHTTPHeaders(p, end, &headers); if (!p) { LOG(Network, "readHTTPHeaders failed"); m_mode = Failed; return len; } if (!processHeaders(headers)) { LOG(Network, "header process failed"); m_mode = Failed; return p - header; } switch (m_mode) { case Normal: checkResponseHeaders(); break; default: m_mode = Failed; break; } return p - header; }
const char* WebSocketHandshake::readHTTPHeaders(const char* start, const char* end, HTTPHeaderMap* headers) { Vector<char> name; Vector<char> value; for (const char* p = start; p < end; p++) { name.clear(); value.clear(); for (; p < end; p++) { switch (*p) { case '\r': if (name.isEmpty()) { if (p + 1 < end && *(p + 1) == '\n') return p + 2; m_context->addMessage(ConsoleDestination, JSMessageSource, LogMessageType, ErrorMessageLevel, "CR doesn't follow LF at " + String(p, end - p), 0, clientOrigin()); return 0; } m_context->addMessage(ConsoleDestination, JSMessageSource, LogMessageType, ErrorMessageLevel, "Unexpected CR in name at " + String(p, end - p), 0, clientOrigin()); return 0; case '\n': m_context->addMessage(ConsoleDestination, JSMessageSource, LogMessageType, ErrorMessageLevel, "Unexpected LF in name at " + String(p, end - p), 0, clientOrigin()); return 0; case ':': break; default: if (*p >= 0x41 && *p <= 0x5a) name.append(*p + 0x20); else name.append(*p); continue; } if (*p == ':') { ++p; break; } } for (; p < end && *p == 0x20; p++) { } for (; p < end; p++) { switch (*p) { case '\r': break; case '\n': m_context->addMessage(ConsoleDestination, JSMessageSource, LogMessageType, ErrorMessageLevel, "Unexpected LF in value at " + String(p, end - p), 0, clientOrigin()); return 0; default: value.append(*p); } if (*p == '\r') { ++p; break; } } if (p >= end || *p != '\n') { m_context->addMessage(ConsoleDestination, JSMessageSource, LogMessageType, ErrorMessageLevel, "CR doesn't follow LF after value at " + String(p, end - p), 0, clientOrigin()); return 0; } AtomicString nameStr(String::fromUTF8(name.data(), name.size())); String valueStr = String::fromUTF8(value.data(), value.size()); LOG(Network, "name=%s value=%s", nameStr.string().utf8().data(), valueStr.utf8().data()); headers->add(nameStr, valueStr); } ASSERT_NOT_REACHED(); return 0; }