You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2019/09/18 08:34:18 UTC

[Bug 63753] New: unnecessary websocket request host header port number checking

https://bz.apache.org/bugzilla/show_bug.cgi?id=63753

            Bug ID: 63753
           Summary: unnecessary websocket request host header port number
                    checking
           Product: Tomcat 9
           Version: 9.0.x
          Hardware: All
                OS: All
            Status: NEW
          Severity: trivial
          Priority: P2
         Component: WebSocket
          Assignee: dev@tomcat.apache.org
          Reporter: jongfighter@gmail.com
  Target Milestone: -----

WsWebSocketContainer::createRequestHeaders intends to check whether the port
number is -1 or not.

        // Host header
        List<String> hostValues = new ArrayList<>(1);
        if (port == -1) {
            hostValues.add(host);
        } else {
            hostValues.add(host + ':' + port);
        }

However, before createRequestHeaders method is called, the port number is set
to 80 and 443 in connectToServerRecursive method. The value of port cannot be
-1.

        if (port == -1) {
            if ("ws".equalsIgnoreCase(scheme)) {
                port = 80;
            } else {
                // Must be wss due to scheme validation above
                port = 443;
            }
        }

I think it is side effect of revision 230c1083fd9f10ec50ccd1d15032f2df29e4de2c.
(git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1780109
13f79535-47bb-0310-9956-ffa450edef68). It is better to remove the code.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 63753] unnecessary websocket request host header port number checking

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=63753

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
The original purpose of the code was to include the port in the HTTP host
header if a non-standard port was used. That requirement still exists but the
refactoring to support proxing broke the previous implementation. I have now
fixed this. Thanks for reporting this issue.

Fixed in:
- master for 9.0.27 onwards
- 8.5.x for 8.5.47 onwards
- 7.0.x for 7.0.97 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org