You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/09/19 13:52:37 UTC

[tomcat] branch 7.0.x updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63753 WS host header

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
     new 1422945  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63753 WS host header
1422945 is described below

commit 1422945fd45a5f88d5d21ddd1b121f9cf0d8602f
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Sep 19 14:46:09 2019 +0100

    Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63753 WS host header
    
    Ensure that the Host header in a Web Socket HTTP upgrade request only
    contains a port if a non-default port is being used.
---
 java/org/apache/tomcat/websocket/WsWebSocketContainer.java | 7 ++++---
 webapps/docs/changelog.xml                                 | 9 +++++++++
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/tomcat/websocket/WsWebSocketContainer.java b/java/org/apache/tomcat/websocket/WsWebSocketContainer.java
index e779d12..d23ba3c 100644
--- a/java/org/apache/tomcat/websocket/WsWebSocketContainer.java
+++ b/java/org/apache/tomcat/websocket/WsWebSocketContainer.java
@@ -307,7 +307,7 @@ public class WsWebSocketContainer
         }
 
         // Create the initial HTTP request to open the WebSocket connection
-        Map<String, List<String>> reqHeaders = createRequestHeaders(host, port,
+        Map<String, List<String>> reqHeaders = createRequestHeaders(host, port, secure,
                 clientEndpointConfiguration);
         clientEndpointConfiguration.getConfigurator().beforeRequest(reqHeaders);
         if (Constants.DEFAULT_ORIGIN_HEADER_VALUE != null
@@ -689,7 +689,7 @@ public class WsWebSocketContainer
     }
 
     private static Map<String, List<String>> createRequestHeaders(String host, int port,
-            ClientEndpointConfig clientEndpointConfiguration) {
+            boolean secure, ClientEndpointConfig clientEndpointConfiguration) {
 
         Map<String, List<String>> headers = new HashMap<String, List<String>>();
         List<Extension> extensions = clientEndpointConfiguration.getExtensions();
@@ -704,7 +704,8 @@ public class WsWebSocketContainer
 
         // Host header
         List<String> hostValues = new ArrayList<String>(1);
-        if (port == -1) {
+        if (port == 80 && !secure || port == 443 && secure) {
+            // Default ports. Do not include port in host header
             hostValues.add(host);
         } else {
             hostValues.add(host + ':' + port);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 30d1aaa..ba887d9 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -133,6 +133,15 @@
       </fix>
     </changelog>
   </subsection>
+  <subsection name="Web Socket">
+    <changelog>
+      <fix>
+        <bug>63753</bug>: Ensure that the <code>Host</code> header in a Web
+        Socket HTTP upgrade request only contains a port if a non-default port
+        is being used. (markt)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Web applications">
     <changelog>
       <fix>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org