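/*!
    \internal

    Builds the HTTP text of the server's answer to a WebSocket opening
    handshake and records the outcome in the member state.

    \a request is the parsed client handshake, \a serverName is written into
    the Server header, \a isOriginAllowed is the caller's origin policy
    decision, and \a supportedVersions, \a supportedProtocols and
    \a supportedExtensions are intersected with what the client offered.

    Returns the response lines joined with CRLF and ending in an empty line.
    m_canUpgrade is true only when a 101 response was produced; otherwise
    m_error and m_errorString describe the rejection.

    The request origin and \a serverName are copied verbatim into response
    headers. Both are rejected when they contain a carriage return or a line
    feed, so that neither value can end its header line and start a new one.
    The check runs before any 101 line is emitted, which keeps the 400 answer
    free of upgrade headers.
 */
QString QWebSocketHandshakeResponse::getHandshakeResponse(
        const QWebSocketHandshakeRequest &request,
        const QString &serverName,
        bool isOriginAllowed,
        const QList<QWebSocketProtocol::Version> &supportedVersions,
        const QList<QString> &supportedProtocols,
        const QList<QString> &supportedExtensions)
{
    QStringList response;
    m_canUpgrade = false;

    if (!isOriginAllowed) {
        // m_canUpgrade was cleared just above, so the refusal is unconditional here.
        m_error = QWebSocketProtocol::CC_POLICY_VIOLATED;
        m_errorString = ("Access forbidden.");
        response << QStringLiteral("HTTP/1.1 403 Access Forbidden");
    } else {
        if (request.isValid()) {
            const QString acceptKey = calculateAcceptKey(request.key());
            const QList<QString> matchingProtocols =
                    supportedProtocols.toSet().intersect(request.protocols().toSet()).toList();
            const QList<QString> matchingExtensions =
                    supportedExtensions.toSet().intersect(request.extensions().toSet()).toList();
            QList<QWebSocketProtocol::Version> matchingVersions =
                    request.versions().toSet().intersect(supportedVersions.toSet()).toList();
            // Sorted in descending order; below, the list is only tested for emptiness.
            std::sort(matchingVersions.begin(), matchingVersions.end(),
                      std::greater<QWebSocketProtocol::Version>());

            if (Q_UNLIKELY(matchingVersions.isEmpty())) {
                m_error = QWebSocketProtocol::CC_PROTOCOL_ERROR;
                m_errorString = ("Unsupported version requested.");
                m_canUpgrade = false;
            } else {
                QString origin = request.origin().trimmed();
                // trimmed() strips only leading and trailing whitespace; a line
                // break inside the value would survive into the header block.
                // Lone CR and lone LF are rejected as well as the CRLF pair.
                const bool hasLineBreak =
                        origin.contains(QStringLiteral("\r"))
                        || origin.contains(QStringLiteral("\n"))
                        || serverName.contains(QStringLiteral("\r"))
                        || serverName.contains(QStringLiteral("\n"));

                if (Q_UNLIKELY(hasLineBreak)) {
                    m_error = QWebSocketProtocol::CC_PROTOCOL_ERROR;
                    m_errorString = ("One of the headers contains a newline. "
                                     "Possible attack detected.");
                    m_canUpgrade = false;
                } else {
                    response << QStringLiteral("HTTP/1.1 101 Switching Protocols")
                             << QStringLiteral("Upgrade: websocket")
                             << QStringLiteral("Connection: Upgrade")
                             << QStringLiteral("Sec-WebSocket-Accept: ") % acceptKey;
                    if (!matchingProtocols.isEmpty()) {
                        m_acceptedProtocol = matchingProtocols.first();
                        response << QStringLiteral("Sec-WebSocket-Protocol: ")
                                    % m_acceptedProtocol;
                    }
                    if (!matchingExtensions.isEmpty()) {
                        m_acceptedExtension = matchingExtensions.first();
                        response << QStringLiteral("Sec-WebSocket-Extensions: ")
                                    % m_acceptedExtension;
                    }
                    // An empty origin is answered with the wildcard.
                    if (origin.isEmpty())
                        origin = QStringLiteral("*");
                    response << QStringLiteral("Server: ") % serverName
                             << QStringLiteral("Access-Control-Allow-Credentials: false")
                             << QStringLiteral("Access-Control-Allow-Methods: GET")
                             << QStringLiteral("Access-Control-Allow-Headers: content-type")
                             << QStringLiteral("Access-Control-Allow-Origin: ") % origin
                             << QStringLiteral("Date: ") % QDateTime::currentDateTimeUtc()
                                    .toString(QStringLiteral("ddd, dd MMM yyyy hh:mm:ss 'GMT'"));

                    m_acceptedVersion = QWebSocketProtocol::currentVersion();
                    m_canUpgrade = true;
                }
            }
        } else {
            m_error = QWebSocketProtocol::CC_PROTOCOL_ERROR;
            m_errorString = ("Bad handshake request received.");
            m_canUpgrade = false;
        }

        if (Q_UNLIKELY(!m_canUpgrade)) {
            // Every rejection on this branch is answered with 400 plus the
            // list of versions the server supports.
            response << QStringLiteral("HTTP/1.1 400 Bad Request");
            QStringList versions;
            Q_FOREACH (QWebSocketProtocol::Version version, supportedVersions)
                versions << QString::number(static_cast<int>(version));
            response << QStringLiteral("Sec-WebSocket-Version: ")
                        % versions.join(QStringLiteral(", "));
        }
    }

    response << QStringLiteral("\r\n");   // append empty line at end of header
    return response.join(QStringLiteral("\r\n"));
}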
/*! \internal */ QString QWebSocketHandshakeResponse::getHandshakeResponse( const QWebSocketHandshakeRequest &request, const QString &serverName, bool isOriginAllowed, const QList<QWebSocketProtocol::Version> &supportedVersions, const QList<QString> &supportedProtocols, const QList<QString> &supportedExtensions) { QStringList response; m_canUpgrade = false; if (!isOriginAllowed) { if (!m_canUpgrade) { m_error = QWebSocketProtocol::CloseCodePolicyViolated; m_errorString = tr("Access forbidden."); response << QStringLiteral("HTTP/1.1 403 Access Forbidden"); } } else { if (request.isValid()) { const QString acceptKey = calculateAcceptKey(request.key()); const QList<QString> matchingProtocols = supportedProtocols.toSet().intersect(request.protocols().toSet()).toList(); //TODO: extensions must be kept in the order in which they arrive //cannot use set.intersect() to get the supported extensions const QList<QString> matchingExtensions = supportedExtensions.toSet().intersect(request.extensions().toSet()).toList(); QList<QWebSocketProtocol::Version> matchingVersions = request.versions().toSet().intersect(supportedVersions.toSet()).toList(); std::sort(matchingVersions.begin(), matchingVersions.end(), std::greater<QWebSocketProtocol::Version>()); //sort in descending order if (Q_UNLIKELY(matchingVersions.isEmpty())) { m_error = QWebSocketProtocol::CloseCodeProtocolError; m_errorString = tr("Unsupported version requested."); m_canUpgrade = false; } else { response << QStringLiteral("HTTP/1.1 101 Switching Protocols") << QStringLiteral("Upgrade: websocket") << QStringLiteral("Connection: Upgrade") << QStringLiteral("Sec-WebSocket-Accept: ") % acceptKey; if (!matchingProtocols.isEmpty()) { m_acceptedProtocol = matchingProtocols.first(); response << QStringLiteral("Sec-WebSocket-Protocol: ") % m_acceptedProtocol; } if (!matchingExtensions.isEmpty()) { m_acceptedExtension = matchingExtensions.first(); response << QStringLiteral("Sec-WebSocket-Extensions: ") % m_acceptedExtension; 
} QString origin = request.origin().trimmed(); if (origin.contains(QStringLiteral("\r\n")) || serverName.contains(QStringLiteral("\r\n"))) { m_error = QWebSocketProtocol::CloseCodeAbnormalDisconnection; m_errorString = tr("One of the headers contains a newline. " \ "Possible attack detected."); m_canUpgrade = false; } else { if (origin.isEmpty()) origin = QStringLiteral("*"); response << QStringLiteral("Server: ") % serverName << QStringLiteral("Access-Control-Allow-Credentials: false") << QStringLiteral("Access-Control-Allow-Methods: GET") << QStringLiteral("Access-Control-Allow-Headers: content-type") << QStringLiteral("Access-Control-Allow-Origin: ") % origin << QStringLiteral("Date: ") % QDateTime::currentDateTimeUtc() .toString(QStringLiteral("ddd, dd MMM yyyy hh:mm:ss 'GMT'")); m_acceptedVersion = QWebSocketProtocol::currentVersion(); m_canUpgrade = true; } } } else { m_error = QWebSocketProtocol::CloseCodeProtocolError; m_errorString = tr("Bad handshake request received."); m_canUpgrade = false; } if (Q_UNLIKELY(!m_canUpgrade)) { response << QStringLiteral("HTTP/1.1 400 Bad Request"); QStringList versions; Q_FOREACH (const QWebSocketProtocol::Version &version, supportedVersions) versions << QString::number(static_cast<int>(version)); response << QStringLiteral("Sec-WebSocket-Version: ") % versions.join(QStringLiteral(", ")); } }