<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[199434] releases/WebKitGTK/webkit-2.12</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/199434">199434</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2016-04-13 01:52:20 -0700 (Wed, 13 Apr 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/198561">r198561</a> - Restrict WebSockets header parsing according to RFC6455 and RFC7230. Based on Lamarque V. Souza's original patch.
https://bugs.webkit.org/show_bug.cgi?id=82714
Patch by John Wilander <wilander@apple.com> on 2016-03-22
Reviewed by Brent Fulgham.
Source/WebCore:
Tests: http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404.html
http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version.html
http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept.html
http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions.html
http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol.html
http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line.html
http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status.html
http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1.html
* Modules/websockets/WebSocketHandshake.cpp:
(WebCore::WebSocketHandshake::httpURLForAuthenticationAndCookies):
(WebCore::headerHasValidHTTPVersion):
- Check for HTTP version 1.1 and above.
(WebCore::WebSocketHandshake::readStatusLine):
- Only allow ASCII characters in status line.
- Only allow HTTP version 1.1 and above in status line.
(WebCore::WebSocketHandshake::readHTTPHeaders):
- Only allow ASCII characters in values for new HTTP headers.
LayoutTests:
* http/tests/websocket/tests/hybi/error-event-ready-state-expected.txt: Removed.
- See comment below on the associated HTML file.
* http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404-expected.txt: Added.
* http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404.html: Added.
- Uses PHP to respond with an HTTP 1.1 404. The old (now removed) test case failed once we restricted WebSockets to HTTP 1.1 and above because the test server responded with an HTTP 1.0 404 for non-existing files.
* http/tests/websocket/tests/hybi/error-event-ready-state.html: Removed.
- This test case was renamed "error-event-ready-state-non-existent-url-with-server-responding-404" to make it clear it now relies on a server responding with HTTP 1.1 404.
* http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version-expected.txt: Added.
* http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version.html: Added.
* http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version_wsh.py: Added.
(web_socket_do_extra_handshake):
(web_socket_transfer_data):
- Test case for lower than HTTP 1.1 versions.
* http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header-expected.txt:
* http/tests/websocket/tests/hybi/handshake-fail-by-more-extensions-header-expected.txt:
* http/tests/websocket/tests/hybi/handshake-fail-by-more-protocol-header-expected.txt:
- Updated to pass with lowercase 'must not' in the failure reason.
* http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept-expected.txt: Added.
* http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept.html: Added.
* http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept_wsh.py: Added.
(web_socket_do_extra_handshake):
(web_socket_transfer_data):
- Test case for non-ASCII characters in new HTTP header Sec-WebSocket-Accept.
* http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions-expected.txt: Added.
* http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions.html: Added.
* http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions_wsh.py: Added.
(web_socket_do_extra_handshake):
(web_socket_transfer_data):
- Test case for non-ASCII characters in new HTTP header Sec-WebSocket-Extensions.
* http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol-expected.txt: Added.
* http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol.html: Added.
* http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol_wsh.py: Added.
(web_socket_do_extra_handshake):
(web_socket_transfer_data):
- Test case for non-ASCII characters in new HTTP header Sec-WebSocket-Protocol.
* http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line-expected.txt: Added.
* http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line.html: Added.
* http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line_wsh.py: Added.
(web_socket_do_extra_handshake):
(web_socket_transfer_data):
- Test case for non-ASCII characters in HTTP status line.
* http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status-expected.txt: Added.
* http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status.html: Added.
* http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status_wsh.py: Added.
(web_socket_do_extra_handshake):
(web_socket_transfer_data):
- Test case for null character in the middle of the HTTP status line.
* http/tests/websocket/tests/hybi/handshake-fail-by-prepended-null_wsh.py:
(web_socket_do_extra_handshake):
(web_socket_transfer_data):
- This test case was changed to prepend a null character to the actual status line. Previously it used a WebSockets frame with a prepended null before the status line. The Python WebSockets lib uses non-ASCII characters in that frame which meant the test case hit the non-ASCII check before the null check. It was confusing to me that the description and intent of the test was to run with a null in the status line, not in a frame before the status line. I believe the changed test case better reflects the intention of the test.
* http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1-expected.txt: Added.
* http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1.html: Added.
* http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1_wsh.py: Added.
(web_socket_do_extra_handshake):
(web_socket_transfer_data):
- Test case for HTTP versions higher than 1.1.
* http/tests/websocket/tests/hybi/resources/status-404-without-body.php: Added.
- To use with the error-event-ready-state-non-existent-url-with-server-responding-404.html test described above.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestsChangeLog">releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbymoreacceptheaderexpectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbymoreextensionsheaderexpectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-extensions-header-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbymoreprotocolheaderexpectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-protocol-header-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbyprependednull_wshpy">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-prepended-null_wsh.py</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCoreChangeLog">releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCoreModuleswebsocketsWebSocketHandshakecpp">releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/websockets/WebSocketHandshake.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybierroreventreadystatenonexistenturlwithserverresponding404expectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybierroreventreadystatenonexistenturlwithserverresponding404html">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404.html</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbyinvalidhttpversionexpectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbyinvalidhttpversionhtml">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version.html</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbyinvalidhttpversion_wshpy">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version_wsh.py</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketacceptexpectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketaccepthtml">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept.html</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketaccept_wshpy">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept_wsh.py</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketextensionsexpectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketextensionshtml">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions.html</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketextensions_wshpy">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions_wsh.py</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketprotocolexpectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketprotocolhtml">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol.html</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketprotocol_wshpy">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol_wsh.py</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciistatuslineexpectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciistatuslinehtml">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line.html</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciistatusline_wshpy">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line_wsh.py</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynullcharinstatusexpectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynullcharinstatushtml">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status.html</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynullcharinstatus_wshpy">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status_wsh.py</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakeokwithhttpversionbeyond1_1expectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakeokwithhttpversionbeyond1_1html">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1.html</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakeokwithhttpversionbeyond1_1_wshpy">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1_wsh.py</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybiresourcesstatus404withoutbodyphp">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/resources/status-404-without-body.php</a></li>
</ul>
<h3>Removed Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybierroreventreadystateexpectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybierroreventreadystatehtml">releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit212LayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog (199433 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog 2016-04-13 08:47:20 UTC (rev 199433)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -1,3 +1,70 @@
</span><ins>+2016-03-22 John Wilander <wilander@apple.com>
+
+ Restrict WebSockets header parsing according to RFC6455 and RFC7230. Based on Lamarque V. Souza's original patch.
+ https://bugs.webkit.org/show_bug.cgi?id=82714
+
+ Reviewed by Brent Fulgham.
+
+ * http/tests/websocket/tests/hybi/error-event-ready-state-expected.txt: Removed.
+ - See comment below on the associated HTML file.
+ * http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404-expected.txt: Added.
+ * http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404.html: Added.
+ - Uses PHP to respond with an HTTP 1.1 404. The old (now removed) test case failed once we restricted WebSockets to HTTP 1.1 and above because the test server responded with an HTTP 1.0 404 for non-existing files.
+ * http/tests/websocket/tests/hybi/error-event-ready-state.html: Removed.
+ - This test case was renamed "error-event-ready-state-non-existent-url-with-server-responding-404" to make it clear it now relies on a server responding with HTTP 1.1 404.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version-expected.txt: Added.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version.html: Added.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version_wsh.py: Added.
+ (web_socket_do_extra_handshake):
+ (web_socket_transfer_data):
+ - Test case for lower than HTTP 1.1 versions.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header-expected.txt:
+ * http/tests/websocket/tests/hybi/handshake-fail-by-more-extensions-header-expected.txt:
+ * http/tests/websocket/tests/hybi/handshake-fail-by-more-protocol-header-expected.txt:
+ - Updated to pass with lowercase 'must not' in the failure reason.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept-expected.txt: Added.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept.html: Added.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept_wsh.py: Added.
+ (web_socket_do_extra_handshake):
+ (web_socket_transfer_data):
+ - Test case for non-ASCII characters in new HTTP header Sec-WebSocket-Accept.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions-expected.txt: Added.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions.html: Added.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions_wsh.py: Added.
+ (web_socket_do_extra_handshake):
+ (web_socket_transfer_data):
+ - Test case for non-ASCII characters in new HTTP header Sec-WebSocket-Extensions.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol-expected.txt: Added.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol.html: Added.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol_wsh.py: Added.
+ (web_socket_do_extra_handshake):
+ (web_socket_transfer_data):
+ - Test case for non-ASCII characters in new HTTP header Sec-WebSocket-Protocol.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line-expected.txt: Added.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line.html: Added.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line_wsh.py: Added.
+ (web_socket_do_extra_handshake):
+ (web_socket_transfer_data):
+ - Test case for non-ASCII characters in HTTP status line.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status-expected.txt: Added.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status.html: Added.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status_wsh.py: Added.
+ (web_socket_do_extra_handshake):
+ (web_socket_transfer_data):
+ - Test case for null character in the middle of the HTTP status line.
+ * http/tests/websocket/tests/hybi/handshake-fail-by-prepended-null_wsh.py:
+ (web_socket_do_extra_handshake):
+ (web_socket_transfer_data):
+ - This test case was changed to prepend a null character to the actual status line. Previously it used a WebSockets frame with a prepended null before the status line. The Python WebSockets lib uses non-ASCII characters in that frame which meant the test case hit the non-ASCII check before the null check. It was confusing to me that the description and intent of the test was to run with a null in the status line, not in a frame before the status line. I believe the changed test case better reflects the intention of the test.
+ * http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1-expected.txt: Added.
+ * http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1.html: Added.
+ * http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1_wsh.py: Added.
+ (web_socket_do_extra_handshake):
+ (web_socket_transfer_data):
+ - Test case for HTTP versions higher than 1.1.
+ * http/tests/websocket/tests/hybi/resources/status-404-without-body.php: Added.
+ - To use with the error-event-ready-state-non-existent-url-with-server-responding-404.html test described above.
+
</ins><span class="cx"> 2016-03-21 Zalan Bujtas <zalan@apple.com>
</span><span class="cx">
</span><span class="cx"> WebCore::RenderTableCell::setCol should put a cap on the column value.
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybierroreventreadystateexpectedtxt"></a>
<div class="delfile"><h4>Deleted: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state-expected.txt (199433 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state-expected.txt 2016-04-13 08:47:20 UTC (rev 199433)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state-expected.txt 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -1,11 +0,0 @@
</span><del>-CONSOLE MESSAGE: WebSocket connection to 'ws://localhost:8880/non-existent-url' failed: Unexpected response code: 404
-Test that readyState is CLOSED within onerror event
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-onerror() was called.
-PASS ws.readyState is 3
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
</del></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybierroreventreadystatenonexistenturlwithserverresponding404expectedtxtfromrev199433releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybierroreventreadystateexpectedtxt"></a>
<div class="copfile"><h4>Copied: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404-expected.txt (from rev 199433, releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state-expected.txt) (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404-expected.txt 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+CONSOLE MESSAGE: WebSocket connection to 'ws://localhost:8000/websocket/tests/hybi/resources/status-404-without-body.php' failed: Unexpected response code: 404
+Test that readyState is CLOSED within onerror event
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+onerror() was called.
+PASS ws.readyState is 3
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybierroreventreadystatenonexistenturlwithserverresponding404htmlfromrev199433releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybierroreventreadystatehtml"></a>
<div class="copfile"><h4>Copied: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404.html (from rev 199433, releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state.html) (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404.html (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404.html 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,25 @@
</span><ins>+<!DOCTYPE HTML>
+<html>
+<head>
+<script src="../../../../js-test-resources/js-test.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script type="text/javascript">
+description("Test that readyState is CLOSED within onerror event");
+
+window.jsTestIsAsync = true;
+
+var ws = new WebSocket("ws://localhost:8000/websocket/tests/hybi/resources/status-404-without-body.php");
+
+ws.onerror = function(event) {
+ debug("onerror() was called.");
+ shouldBe("ws.readyState", "3");
+ finishJSTest();
+};
+
+</script>
+<script src="../../../../js-test-resources/js-test.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybierroreventreadystatehtml"></a>
<div class="delfile"><h4>Deleted: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state.html (199433 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state.html 2016-04-13 08:47:20 UTC (rev 199433)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/error-event-ready-state.html 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -1,25 +0,0 @@
</span><del>-<!DOCTYPE HTML>
-<html>
-<head>
-<script src="../../../../js-test-resources/js-test.js"></script>
-</head>
-<body>
-<div id="description"></div>
-<div id="console"></div>
-<script type="text/javascript">
-description("Test that readyState is CLOSED within onerror event");
-
-window.jsTestIsAsync = true;
-
-var ws = new WebSocket("ws://localhost:8880/non-existent-url");
-
-ws.onerror = function(event) {
- debug("onerror() was called.");
- shouldBe("ws.readyState", "3");
- finishJSTest();
-};
-
-</script>
-<script src="../../../../js-test-resources/js-test.js"></script>
-</body>
-</html>
</del></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbyinvalidhttpversionexpectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version-expected.txt (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version-expected.txt 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+CONSOLE MESSAGE: WebSocket connection to 'ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-invalid-http-version' failed: Invalid HTTP version string: HTTP/1.0
+Test whether WebSocket handshake fails if the server sends status line with invalid http version.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+PASS closeEvent.wasClean is false
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbyinvalidhttpversionhtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version.html (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version.html (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version.html 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,31 @@
</span><ins>+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <script src="../../../../js-test-resources/js-test-pre.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script>
+ description("Test whether WebSocket handshake fails if the server sends status line with invalid http version.");
+
+ window.jsTestIsAsync = true;
+
+ var url = "ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-invalid-http-version";
+ var ws = new WebSocket(url);
+ var closeEvent;
+
+ ws.onopen = function() {
+ testFailed("Connection established.");
+ ws.close();
+ };
+
+ ws.onclose = function(event) {
+ closeEvent = event;
+ shouldBeFalse("closeEvent.wasClean");
+ finishJSTest();
+ };
+</script>
+<script src="../../../../js-test-resources/js-test-post.js"></script>
+</body>
+</html>
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbyinvalidhttpversion_wshpy"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version_wsh.py (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version_wsh.py (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version_wsh.py 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,17 @@
</span><ins>+from mod_pywebsocket import handshake
+from mod_pywebsocket import stream
+from mod_pywebsocket.handshake.hybi import compute_accept
+
+
+def web_socket_do_extra_handshake(request):
+ message = 'HTTP/1.0 101 Switching Protocols\r\n'
+ message += 'Upgrade: websocket\r\n'
+ message += 'Connection: Upgrade\r\n'
+ message += 'Sec-WebSocket-Accept: %s\r\n' % compute_accept(request.headers_in['Sec-WebSocket-Key'])[0]
+ message += '\r\n'
+ request.connection.write(message)
+ raise handshake.AbortedByUserException('Abort the connection') # Prevents pywebsocket from sending its own handshake message.
+
+
+def web_socket_transfer_data(request):
+ pass
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbymoreacceptheaderexpectedtxt"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header-expected.txt (199433 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header-expected.txt 2016-04-13 08:47:20 UTC (rev 199433)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header-expected.txt 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-CONSOLE MESSAGE: WebSocket connection to 'ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-more-accept-header' failed: The Sec-WebSocket-Accept header MUST NOT appear more than once in an HTTP response
</del><ins>+CONSOLE MESSAGE: WebSocket connection to 'ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-more-accept-header' failed: The Sec-WebSocket-Accept header must not appear more than once in an HTTP response
</ins><span class="cx"> Test that WebSocket handshake fails if there are more one Sec-WebSocket-Accept header field in the response.
</span><span class="cx">
</span><span class="cx"> On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbymoreextensionsheaderexpectedtxt"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-extensions-header-expected.txt (199433 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-extensions-header-expected.txt 2016-04-13 08:47:20 UTC (rev 199433)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-extensions-header-expected.txt 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-CONSOLE MESSAGE: WebSocket connection to 'ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-more-extensions-header' failed: The Sec-WebSocket-Extensions header MUST NOT appear more than once in an HTTP response
</del><ins>+CONSOLE MESSAGE: WebSocket connection to 'ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-more-extensions-header' failed: The Sec-WebSocket-Extensions header must not appear more than once in an HTTP response
</ins><span class="cx"> Test that WebSocket handshake fails if there are more than one Sec-WebSocket-Extensions header field in the response..
</span><span class="cx">
</span><span class="cx"> On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbymoreprotocolheaderexpectedtxt"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-protocol-header-expected.txt (199433 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-protocol-header-expected.txt 2016-04-13 08:47:20 UTC (rev 199433)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-more-protocol-header-expected.txt 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -1,4 +1,4 @@
</span><del>-CONSOLE MESSAGE: WebSocket connection to 'ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-more-protocol-header' failed: The Sec-WebSocket-Protocol header MUST NOT appear more than once in an HTTP response
</del><ins>+CONSOLE MESSAGE: WebSocket connection to 'ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-more-protocol-header' failed: The Sec-WebSocket-Protocol header must not appear more than once in an HTTP response
</ins><span class="cx"> Test that WebSocket handshake fails if there are more than one Sec-WebSocket-Protocol header field in the response.
</span><span class="cx">
</span><span class="cx"> On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketacceptexpectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept-expected.txt (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept-expected.txt 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+CONSOLE MESSAGE: WebSocket connection to 'ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept' failed: Sec-WebSocket-Accept header value should only contain ASCII characters
+Test whether WebSocket handshake fails if the server sends header with non-ascii characters in name.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+PASS closeEvent.wasClean is false
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketaccepthtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept.html (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept.html (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept.html 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,31 @@
</span><ins>+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <script src="../../../../js-test-resources/js-test-pre.js"></script>
+ </head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script>
+ description("Test whether WebSocket handshake fails if the server sends header with non-ascii characters in name.");
+
+ window.jsTestIsAsync = true;
+
+ var url = "ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept";
+ var ws = new WebSocket(url);
+ var closeEvent;
+
+ ws.onopen = function() {
+ testFailed("Connection established.");
+ ws.close();
+ };
+
+ ws.onclose = function(event) {
+ closeEvent = event;
+ shouldBeFalse("closeEvent.wasClean");
+ finishJSTest();
+ };
+</script>
+<script src="../../../../js-test-resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketaccept_wshpy"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept_wsh.py (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept_wsh.py (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept_wsh.py 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,14 @@
</span><ins>+from mod_pywebsocket import handshake
+
+def web_socket_do_extra_handshake(request):
+ message = 'HTTP/1.1 101 Switching Protocols\r\n'
+ message += 'Upgrade: websocket\r\n'
+ message += 'Connection: Upgrade\r\n'
+ message += 'Sec-WebSocket-Accept: Non-áscii-value\r\n'
+ message += '\r\n'
+ request.connection.write(message)
+ raise handshake.AbortedByUserException('Abort the connection') # Prevents pywebsocket from sending its own handshake message.
+
+
+def web_socket_transfer_data(request):
+ pass
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketextensionsexpectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions-expected.txt (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions-expected.txt 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+CONSOLE MESSAGE: WebSocket connection to 'ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions' failed: Sec-WebSocket-Extensions header value should only contain ASCII characters
+Test whether WebSocket handshake fails if the server sends a WebSocket extensions header with non-ascii characters in its value.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+PASS closeEvent.wasClean is false
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketextensionshtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions.html (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions.html (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions.html 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,31 @@
</span><ins>+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <script src="../../../../js-test-resources/js-test-pre.js"></script>
+ </head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script>
+ description("Test whether WebSocket handshake fails if the server sends a WebSocket extensions header with non-ascii characters in its value.");
+
+ window.jsTestIsAsync = true;
+
+ var url = "ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions";
+ var ws = new WebSocket(url);
+ var closeEvent;
+
+ ws.onopen = function() {
+ testFailed("Connection established.");
+ ws.close();
+ };
+
+ ws.onclose = function(event) {
+ closeEvent = event;
+ shouldBeFalse("closeEvent.wasClean");
+ finishJSTest();
+ };
+</script>
+<script src="../../../../js-test-resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketextensions_wshpy"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions_wsh.py (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions_wsh.py (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions_wsh.py 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+from mod_pywebsocket import handshake
+from mod_pywebsocket.handshake.hybi import compute_accept
+
+def web_socket_do_extra_handshake(request):
+ message = 'HTTP/1.1 101 Switching Protocols\r\n'
+ message += 'Upgrade: websocket\r\n'
+ message += 'Connection: Upgrade\r\n'
+ message += 'Sec-WebSocket-Accept: %s\r\n' % compute_accept(request.headers_in['Sec-WebSocket-Key'])[0]
+ message += 'Sec-WebSocket-Extensions: Non-áscii-value\r\n'
+ message += '\r\n'
+ request.connection.write(message)
+ raise handshake.AbortedByUserException('Abort the connection') # Prevents pywebsocket from sending its own handshake message.
+
+
+def web_socket_transfer_data(request):
+ pass
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketprotocolexpectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol-expected.txt (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol-expected.txt 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+CONSOLE MESSAGE: WebSocket connection to 'ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol' failed: Sec-WebSocket-Protocol header value should only contain ASCII characters
+Test whether WebSocket handshake fails if the server sends a WebSocket protocol header with non-ascii characters in its value.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+PASS closeEvent.wasClean is false
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketprotocolhtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol.html (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol.html (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol.html 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,31 @@
</span><ins>+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <script src="../../../../js-test-resources/js-test-pre.js"></script>
+ </head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script>
+ description("Test whether WebSocket handshake fails if the server sends a WebSocket protocol header with non-ascii characters in its value.");
+
+ window.jsTestIsAsync = true;
+
+ var url = "ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol";
+ var ws = new WebSocket(url);
+ var closeEvent;
+
+ ws.onopen = function() {
+ testFailed("Connection established.");
+ ws.close();
+ };
+
+ ws.onclose = function(event) {
+ closeEvent = event;
+ shouldBeFalse("closeEvent.wasClean");
+ finishJSTest();
+ };
+</script>
+<script src="../../../../js-test-resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciiheadervaluesecwebsocketprotocol_wshpy"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol_wsh.py (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol_wsh.py (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol_wsh.py 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+from mod_pywebsocket import handshake
+from mod_pywebsocket.handshake.hybi import compute_accept
+
+def web_socket_do_extra_handshake(request):
+ message = 'HTTP/1.1 101 Switching Protocols\r\n'
+ message += 'Upgrade: websocket\r\n'
+ message += 'Connection: Upgrade\r\n'
+ message += 'Sec-WebSocket-Accept: %s\r\n' % compute_accept(request.headers_in['Sec-WebSocket-Key'])[0]
+ message += 'Sec-WebSocket-Protocol: Non-áscii-value\r\n'
+ message += '\r\n'
+ request.connection.write(message)
+ raise handshake.AbortedByUserException('Abort the connection') # Prevents pywebsocket from sending its own handshake message.
+
+
+def web_socket_transfer_data(request):
+ pass
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciistatuslineexpectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line-expected.txt (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line-expected.txt 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+CONSOLE MESSAGE: WebSocket connection to 'ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line' failed: Status line contains non-ASCII character
+Test whether WebSocket handshake fails if the server sends status line with non-ascii characters.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+PASS closeEvent.wasClean is false
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciistatuslinehtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line.html (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line.html (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line.html 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,31 @@
</span><ins>+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <script src="../../../../js-test-resources/js-test-pre.js"></script>
+ </head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script>
+ description("Test whether WebSocket handshake fails if the server sends status line with non-ascii characters.");
+
+ window.jsTestIsAsync = true;
+
+ var url = "ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line";
+ var ws = new WebSocket(url);
+ var closeEvent;
+
+ ws.onopen = function() {
+ testFailed("Connection established.");
+ ws.close();
+ };
+
+ ws.onclose = function(event) {
+ closeEvent = event;
+ shouldBeFalse("closeEvent.wasClean");
+ finishJSTest();
+ };
+</script>
+<script src="../../../../js-test-resources/js-test-post.js"></script>
+</body>
+</html>
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynonasciistatusline_wshpy"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line_wsh.py (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line_wsh.py (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line_wsh.py 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,19 @@
</span><ins>+from mod_pywebsocket import handshake
+from mod_pywebsocket import stream
+from mod_pywebsocket.handshake.hybi import compute_accept
+
+def web_socket_do_extra_handshake(request):
+ frame = stream.create_text_frame('Frame-contains-thirty-one-bytes')
+
+ message = frame
+ message += 'HTTP/1.1 101 Switching Protocols non-ascií\r\n'
+ message += 'Upgrade: websocket\r\n'
+ message += 'Connection: Upgrade\r\n'
+ message += 'Sec-WebSocket-Accept: %s\r\n' % compute_accept(request.headers_in['Sec-WebSocket-Key'])[0]
+ message += '\r\n'
+ request.connection.write(message)
+ raise handshake.AbortedByUserException('Abort the connection') # Prevents pywebsocket from sending its own handshake message.
+
+
+def web_socket_transfer_data(request):
+ pass
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynullcharinstatusexpectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status-expected.txt (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status-expected.txt 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+CONSOLE MESSAGE: WebSocket connection to 'ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-null-char-in-status' failed: Status line contains embedded null
+Connection should fail immediately, rather than succeeding or staying in limbo until timeout, if a null byte is received in the status header.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+PASS timedOut is false
+PASS connected is false
+PASS origin is undefined.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynullcharinstatushtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status.html (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status.html (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status.html 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,59 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../../../js-test-resources/js-test-pre.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script>
+description('Connection should fail immediately, rather than succeeding or staying in limbo until timeout, if a null byte is received in the status header.');
+
+window.jsTestIsAsync = true;
+
+var timedOut = false;
+var connected = false;
+var origin;
+
+function endTest() {
+ shouldBeFalse('timedOut');
+ shouldBeFalse('connected');
+ shouldBeUndefined('origin');
+ clearTimeout(timeoutID);
+ finishJSTest();
+}
+
+var url = 'ws://localhost:8880/websocket/tests/hybi/handshake-fail-by-null-char-in-status';
+var ws = new WebSocket(url);
+
+ws.onopen = function()
+{
+ debug('Connected');
+ connected = true;
+}
+
+ws.onmessage = function(messageEvent)
+{
+ origin = messageEvent.data;
+ debug('origin = ' + origin);
+ ws.close();
+}
+
+ws.onclose = function()
+{
+ endTest();
+}
+
+function timeoutCallback()
+{
+ debug('Timed out (state = ' + ws.readyState + ')');
+ timedOut = true;
+ endTest();
+}
+
+var timeoutID = setTimeout(timeoutCallback, 3000);
+
+</script>
+<script src="../../../../js-test-resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbynullcharinstatus_wshpyfromrev199433releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbyprependednull_wshpy"></a>
<div class="copfile"><h4>Copied: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status_wsh.py (from rev 199433, releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-prepended-null_wsh.py) (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status_wsh.py (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status_wsh.py 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,50 @@
</span><ins>+# Copyright (C) Research In Motion Limited 2011. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
+# following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following
+# disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
+# following disclaimer in the documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS “AS IS” AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+# APPLE INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+# TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+import time
+from mod_pywebsocket import stream
+from mod_pywebsocket.handshake.hybi import compute_accept
+
+
+def web_socket_do_extra_handshake(request):
+ # This simulates a broken server that sends a WebSocket frame before the
+ # handshake, and more frames afterwards. It is important that if this
+ # happens the client does not buffer all the frames as the server continues
+ # to send more data - it should abort after reading a reasonable number of
+ # bytes (set arbitrarily to 1024).
+
+ msg = 'HTTP/1.1 101 Switching \0Protocols\r\n'
+ msg += 'Upgrade: websocket\r\n'
+ msg += 'Connection: Upgrade\r\n'
+ msg += 'Sec-WebSocket-Accept: %s\r\n' % compute_accept(request.headers_in['Sec-WebSocket-Key'])[0]
+ msg += '\r\n'
+ request.connection.write(msg)
+ # continue writing data until the client disconnects
+ while True:
+ time.sleep(1)
+ numFrames = 1024 / len(frame) # write over 1024 bytes including the above handshake
+ for i in range(0, numFrames):
+ request.connection.write(frame)
+
+
+def web_socket_transfer_data(request):
+ pass
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakefailbyprependednull_wshpy"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-prepended-null_wsh.py (199433 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-prepended-null_wsh.py 2016-04-13 08:47:20 UTC (rev 199433)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-prepended-null_wsh.py 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -19,22 +19,13 @@
</span><span class="cx"> # TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
</span><span class="cx"> # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
</span><span class="cx">
</span><del>-
</del><span class="cx"> import time
</span><span class="cx"> from mod_pywebsocket import stream
</span><span class="cx"> from mod_pywebsocket.handshake.hybi import compute_accept
</span><span class="cx">
</span><del>-
</del><span class="cx"> def web_socket_do_extra_handshake(request):
</span><del>- # This simulates a broken server that sends a WebSocket frame before the
- # handshake, and more frames afterwards. It is important that if this
- # happens the client does not buffer all the frames as the server continues
- # to send more data - it should abort after reading a reasonable number of
- # bytes (set arbitrarily to 1024).
- frame = stream.create_text_frame('\0Frame-contains-thirty-two-bytes')
</del><span class="cx">
</span><del>- msg = frame
- msg += 'HTTP/1.1 101 Switching Protocols\r\n'
</del><ins>+ msg = '\0HTTP/1.1 101 Switching Protocols\r\n'
</ins><span class="cx"> msg += 'Upgrade: websocket\r\n'
</span><span class="cx"> msg += 'Connection: Upgrade\r\n'
</span><span class="cx"> msg += 'Sec-WebSocket-Accept: %s\r\n' % compute_accept(request.headers_in['Sec-WebSocket-Key'])[0]
</span><span class="lines">@@ -47,6 +38,5 @@
</span><span class="cx"> for i in range(0, numFrames):
</span><span class="cx"> request.connection.write(frame)
</span><span class="cx">
</span><del>-
</del><span class="cx"> def web_socket_transfer_data(request):
</span><span class="cx"> pass
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakeokwithhttpversionbeyond1_1expectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1-expected.txt (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1-expected.txt 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,9 @@
</span><ins>+Test whether WebSocket handshake is OK with if server sends status line with http version beyond 1.1.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+PASS handshake_success is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakeokwithhttpversionbeyond1_1html"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1.html (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1.html (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1.html 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,37 @@
</span><ins>+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <script src="../../../../js-test-resources/js-test-pre.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script>
+ description("Test whether WebSocket handshake is OK with if server sends status line with http version beyond 1.1.");
+
+ window.jsTestIsAsync = true;
+
+ var url = "ws://localhost:8880/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1";
+ var handshake_success = false;
+ var ws = new WebSocket(url);
+ var closeEvent;
+
+ function endTest() {
+ clearTimeout(timeoutID);
+ shouldBeTrue("handshake_success");
+ finishJSTest();
+ }
+ ws.onopen = function() {
+ handshake_success = true;
+ ws.close();
+ };
+
+ ws.onclose = function () {
+ endTest();
+ };
+
+ var timeoutID = setTimeout("endTest()", 2000);
+</script>
+<script src="../../../../js-test-resources/js-test-post.js"></script>
+</body>
+</html>
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybihandshakeokwithhttpversionbeyond1_1_wshpy"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1_wsh.py (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1_wsh.py (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1_wsh.py 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,17 @@
</span><ins>+from mod_pywebsocket import handshake
+from mod_pywebsocket import stream
+from mod_pywebsocket.handshake.hybi import compute_accept
+
+
+def web_socket_do_extra_handshake(request):
+ message = 'HTTP/3.0 101 Switching Protocols\r\n'
+ message += 'Upgrade: websocket\r\n'
+ message += 'Connection: Upgrade\r\n'
+ message += 'Sec-WebSocket-Accept: %s\r\n' % compute_accept(request.headers_in['Sec-WebSocket-Key'])[0]
+ message += '\r\n'
+ request.connection.write(message)
+ raise handshake.AbortedByUserException('Abort the connection') # Prevents pywebsocket from sending its own handshake message.
+
+
+def web_socket_transfer_data(request):
+ pass
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestshttptestswebsockettestshybiresourcesstatus404withoutbodyphp"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/resources/status-404-without-body.php (0 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/resources/status-404-without-body.php (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/websocket/tests/hybi/resources/status-404-without-body.php 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+<?php
+ header('http/1.1 404 Not Found');
+ exit();
+?>
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (199433 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-04-13 08:47:20 UTC (rev 199433)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -1,3 +1,29 @@
</span><ins>+2016-03-22 John Wilander <wilander@apple.com>
+
+ Restrict WebSockets header parsing according to RFC6455 and RFC7230. Based on Lamarque V. Souza's original patch.
+ https://bugs.webkit.org/show_bug.cgi?id=82714
+
+ Reviewed by Brent Fulgham.
+
+ Tests: http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404.html
+ http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version.html
+ http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept.html
+ http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions.html
+ http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol.html
+ http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line.html
+ http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status.html
+ http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1.html
+
+ * Modules/websockets/WebSocketHandshake.cpp:
+ (WebCore::WebSocketHandshake::httpURLForAuthenticationAndCookies):
+ (WebCore::headerHasValidHTTPVersion):
+ - Check for HTTP version 1.1 and above.
+ (WebCore::WebSocketHandshake::readStatusLine):
+ - Only allow ASCII characters in status line.
+ - Only allow HTTP version 1.1 and above in status line.
+ (WebCore::WebSocketHandshake::readHTTPHeaders):
+ - Only allow ASCII characters in values for new HTTP headers.
+
</ins><span class="cx"> 2016-03-22 Alex Christensen <achristensen@webkit.org>
</span><span class="cx">
</span><span class="cx"> Add null check in CachedResourceLoader::determineRevalidationPolicy
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourceWebCoreModuleswebsocketsWebSocketHandshakecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/websockets/WebSocketHandshake.cpp (199433 => 199434)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/websockets/WebSocketHandshake.cpp 2016-04-13 08:47:20 UTC (rev 199433)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/websockets/WebSocketHandshake.cpp 2016-04-13 08:52:20 UTC (rev 199434)
</span><span class="lines">@@ -47,6 +47,7 @@
</span><span class="cx"> #include "ResourceRequest.h"
</span><span class="cx"> #include "ScriptExecutionContext.h"
</span><span class="cx"> #include "SecurityOrigin.h"
</span><ins>+#include <wtf/ASCIICType.h>
</ins><span class="cx"> #include <wtf/CryptographicallyRandomNumber.h>
</span><span class="cx"> #include <wtf/MD5.h>
</span><span class="cx"> #include <wtf/SHA1.h>
</span><span class="lines">@@ -56,6 +57,7 @@
</span><span class="cx"> #include <wtf/text/Base64.h>
</span><span class="cx"> #include <wtf/text/CString.h>
</span><span class="cx"> #include <wtf/text/StringBuilder.h>
</span><ins>+#include <wtf/text/StringView.h>
</ins><span class="cx"> #include <wtf/text/WTFString.h>
</span><span class="cx"> #include <wtf/unicode/CharacterNames.h>
</span><span class="cx">
</span><span class="lines">@@ -390,6 +392,31 @@
</span><span class="cx"> return url;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+// https://tools.ietf.org/html/rfc6455#section-4.1
+// "The HTTP version MUST be at least 1.1."
+static inline bool headerHasValidHTTPVersion(const String& httpVersionString, const size_t headerLength)
+{
+ const size_t posOfHttp = httpVersionString.find("HTTP/");
+ if (posOfHttp == notFound)
+ return false;
+
+ // Check that there is a version number which should be three characters after "HTTP/"
+ const size_t posOfHttpVersionNumberString = posOfHttp + 5;
+ if (posOfHttpVersionNumberString + 3 >= headerLength)
+ return false;
+
+ // Check that the version number is 1.1 or above
+ bool versionNumberIsOneDotOneOrAbove = false;
+ if (httpVersionString.characterAt(posOfHttpVersionNumberString + 1) == '.') {
+ UChar majorVersion = httpVersionString.characterAt(posOfHttpVersionNumberString);
+ UChar minorVersion = httpVersionString.characterAt(posOfHttpVersionNumberString + 2);
+ if ((majorVersion == '1' && minorVersion >= '1' && minorVersion <= '9')
+ || (majorVersion > '1' && majorVersion <= '9' && minorVersion >= '0' && minorVersion <= '9'))
+ versionNumberIsOneDotOneOrAbove = true;
+ }
+ return versionNumberIsOneDotOneOrAbove;
+}
+
</ins><span class="cx"> // Returns the header length (including "\r\n"), or -1 if we have not received enough data yet.
</span><span class="cx"> // If the line is malformed or the status code is not a 3-digit number,
</span><span class="cx"> // statusCode and statusText will be set to -1 and a null string, respectively.
</span><span class="lines">@@ -419,6 +446,9 @@
</span><span class="cx"> // does, so we'll just treat this as an error.
</span><span class="cx"> m_failureReason = "Status line contains embedded null";
</span><span class="cx"> return p + 1 - header;
</span><ins>+ } else if (!isASCII(*p)) {
+ m_failureReason = "Status line contains non-ASCII character";
+ return p + 1 - header;
</ins><span class="cx"> } else if (*p == '\n')
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="lines">@@ -443,6 +473,12 @@
</span><span class="cx"> return lineLength;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ String httpVersionString(header, space1 - header);
+ if (!headerHasValidHTTPVersion(httpVersionString, headerLength)) {
+ m_failureReason = "Invalid HTTP version string: " + httpVersionString;
+ return lineLength;
+ }
+
</ins><span class="cx"> String statusCodeString(space1 + 1, space2 - space1 - 1);
</span><span class="cx"> if (statusCodeString.length() != 3) // Status code must consist of three digits.
</span><span class="cx"> return lineLength;
</span><span class="lines">@@ -478,9 +514,19 @@
</span><span class="cx"> if (name.isEmpty())
</span><span class="cx"> break;
</span><span class="cx">
</span><ins>+ // https://tools.ietf.org/html/rfc7230#section-3.2.4
+ // "Newly defined header fields SHOULD limit their field values to US-ASCII octets."
+ if ((equalLettersIgnoringASCIICase(name, "sec-websocket-extensions")
+ || equalLettersIgnoringASCIICase(name, "sec-websocket-accept")
+ || equalLettersIgnoringASCIICase(name, "sec-websocket-protocol"))
+ && !value.containsOnlyASCII()) {
+ m_failureReason = name + " header value should only contain ASCII characters";
+ return nullptr;
+ }
+
</ins><span class="cx"> if (equalLettersIgnoringASCIICase(name, "sec-websocket-extensions")) {
</span><span class="cx"> if (sawSecWebSocketExtensionsHeaderField) {
</span><del>- m_failureReason = "The Sec-WebSocket-Extensions header MUST NOT appear more than once in an HTTP response";
</del><ins>+ m_failureReason = "The Sec-WebSocket-Extensions header must not appear more than once in an HTTP response";
</ins><span class="cx"> return nullptr;
</span><span class="cx"> }
</span><span class="cx"> if (!m_extensionDispatcher.processHeaderValue(value)) {
</span><span class="lines">@@ -490,14 +536,14 @@
</span><span class="cx"> sawSecWebSocketExtensionsHeaderField = true;
</span><span class="cx"> } else if (equalLettersIgnoringASCIICase(name, "sec-websocket-accept")) {
</span><span class="cx"> if (sawSecWebSocketAcceptHeaderField) {
</span><del>- m_failureReason = "The Sec-WebSocket-Accept header MUST NOT appear more than once in an HTTP response";
</del><ins>+ m_failureReason = "The Sec-WebSocket-Accept header must not appear more than once in an HTTP response";
</ins><span class="cx"> return nullptr;
</span><span class="cx"> }
</span><span class="cx"> m_serverHandshakeResponse.addHTTPHeaderField(name, value);
</span><span class="cx"> sawSecWebSocketAcceptHeaderField = true;
</span><span class="cx"> } else if (equalLettersIgnoringASCIICase(name, "sec-websocket-protocol")) {
</span><span class="cx"> if (sawSecWebSocketProtocolHeaderField) {
</span><del>- m_failureReason = "The Sec-WebSocket-Protocol header MUST NOT appear more than once in an HTTP response";
</del><ins>+ m_failureReason = "The Sec-WebSocket-Protocol header must not appear more than once in an HTTP response";
</ins><span class="cx"> return nullptr;
</span><span class="cx"> }
</span><span class="cx"> m_serverHandshakeResponse.addHTTPHeaderField(name, value);
</span></span></pre>
</div>
</div>
</body>
</html>