Skip to content

Commit

Permalink
Fix for #148 Improve the WebSocketHanshakeFilter to drop Firefox inva…
Browse files Browse the repository at this point in the history 
…lid websocket request
  • Loading branch information
@jfarcand
jfarcand committed Jan 16, 2012
1 parent 575bcb5 commit e0fd589
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion modules/cpr/src/main/java/org/atmosphere/websocket/WebSocketHandshakeFilter.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ public void init(FilterConfig filterConfig) throws ServletException {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

if (HttpServletRequest.class.cast(request).getHeader("Upgrade") != null) {
if (HttpServletRequest.class.cast(request).getHeader("Connection") != null && HttpServletRequest.class.cast(request).getHeader("Connection").equalsIgnoreCase("upgrade")) {
int draft = HttpServletRequest.class.cast(request).getIntHeader("Sec-WebSocket-Version");
if (draft < 0) {
draft = HttpServletRequest.class.cast(request).getIntHeader("Sec-WebSocket-Draft");
Expand All @@ -68,6 +68,11 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
}
}
}
} else if (HttpServletRequest.class.cast(request).getIntHeader("Sec-WebSocket-Version") > 0) {
logger.error("Invalid WebSocket Specification {} with {} ", HttpServletRequest.class.cast(request).getHeader("Connection"), HttpServletRequest.class.cast(request).getIntHeader("Sec-WebSocket-Version"));
HttpServletResponse.class.cast(response).addHeader(X_ATMOSPHERE_ERROR, "Websocket protocol not supported");
HttpServletResponse.class.cast(response).sendError(202, "Websocket protocol not supported");
return;
}
chain.doFilter(request, response);
}
Expand Down

0 comments on commit e0fd589

Please sign in to comment.