kritphong
/
websockets
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Correct and improve header upgrade error handling.

Browse Source
master
Thomas Hintz 10 years ago
parent 9312d6d5ca
commit a79b61968f
1 changed files with 10 additions and 14 deletions
Show Stats Download Patch File Download Diff File

24
websockets.scm
Unescape Escape View File

@ -38,6 +38,8 @@
(define accept-connection (make-parameter (lambda (origin) #t))) (define accept-connection (make-parameter (lambda (origin) #t)))
(define drop-incoming-pings (make-parameter #t)) (define drop-incoming-pings (make-parameter #t))
(define propagate-common-errors (make-parameter #f)) (define propagate-common-errors (make-parameter #f))
(define access-denied ; TODO test
(make-parameter (lambda () (send-status 'forbidden "<h1>Access denied</h1>"))))
(define max-frame-size (make-parameter 1048576)) ; 1MiB (define max-frame-size (make-parameter 1048576)) ; 1MiB
(define max-message-size (define max-message-size
@ -51,11 +53,6 @@
(apply make-composite-condition (append `(,(make-property-condition 'websocket)) (apply make-composite-condition (append `(,(make-property-condition 'websocket))
conditions))) conditions)))
(define (make-invalid-header-exception type k v)
(make-composite-condition (make-websocket-exception
(make-property-condition type k v))
(make-property-condition 'invalid-header)))
(define (make-protocol-violation-exception msg) (define (make-protocol-violation-exception msg)
(make-composite-condition (make-property-condition 'websocket) (make-composite-condition (make-property-condition 'websocket)
(make-property-condition 'protocol-error 'msg msg))) (make-property-condition 'protocol-error 'msg msg)))
@ -78,7 +75,8 @@
('connection-close 8) ('connection-close 8)
('ping 9) ('ping 9)
('pong 10) ('pong 10)
(else (error "bad optype")))) ; TODO (else (signal (make-websocket-exception
(make-property-condition 'invalid-optype))))))
(define (control-frame? optype) (define (control-frame? optype)
(or (eq? optype 'ping) (eq? optype 'pong) (eq? optype 'connection-close))) (or (eq? optype 'ping) (eq? optype 'pong) (eq? optype 'connection-close)))
@ -553,7 +551,6 @@ static const uint8_t utf8d[] = {
(define (websocket-compute-handshake client-key) (define (websocket-compute-handshake client-key)
(let* ((key-and-magic (let* ((key-and-magic
; TODO generate new, randome, secure key every time
(string-append client-key "258EAFA5-E914-47DA-95CA-C5AB0DC85B11")) (string-append client-key "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"))
(key-and-magic-sha1 (sha1-sum key-and-magic))) (key-and-magic-sha1 (sha1-sum key-and-magic)))
(base64-encode key-and-magic-sha1))) (base64-encode key-and-magic-sha1)))
@ -595,15 +592,14 @@ static const uint8_t utf8d[] = {
; make sure the request meets the spec for websockets ; make sure the request meets the spec for websockets
(cond ((not (and (eq? (header-value 'connection headers #f) 'upgrade) (cond ((not (and (eq? (header-value 'connection headers #f) 'upgrade)
(string-ci= (car (header-value 'upgrade headers '(""))) "websocket"))) (string-ci= (car (header-value 'upgrade headers '(""))) "websocket")))
(signal (make-invalid-header-exception 'upgrade 'value (signal (make-websocket-exception
(header-value 'upgrade headers #f)))) (make-property-condition 'missing-upgrade-header))))
((not (string= (header-value 'sec-websocket-version headers "") "13")) ((not (string= (header-value 'sec-websocket-version headers "") "13"))
(signal (make-invalid-header-exception (with-headers ; TODO test
'websocket-version 'version `((sec-websocket-version "13"))
(header-value 'sec-websocket-version headers #f)))) (lambda () (send-status 'upgrade-required))))
((not ((accept-connection) (header-value 'origin headers ""))) ((not ((accept-connection) (header-value 'origin headers "")))
(signal (make-invalid-header-exception 'origin 'value ((access-denied))))
(header-value 'origin headers #f)))))
(with-headers (with-headers
`((upgrade ("WebSocket" . #f)) `((upgrade ("WebSocket" . #f))

Write Preview
Loading…
Cancel
Save