mirror of
https://github.com/superseriousbusiness/gotosocial
synced 2024-11-10 06:54:16 +00:00
[bugfix] send back Sec-Websocket-Protocol header for streaming WebSocket (#3169)
* [bugfix] send back Sec-Websocket-Protocol header for streaming WebSocket Chrome expects the selected Sec-Websocket-Protocol to be sent back on the WebSocket upgrade request (RFC6455 1.9). * fiddle a bit to avoid getting headers multiple times * add some explanatory notes --------- Co-authored-by: tobi <tobi.smethurst@protonmail.com>
This commit is contained in:
parent
b78be9fd4a
commit
4697271cef
2 changed files with 29 additions and 10 deletions
|
@ -19,6 +19,7 @@ package streaming
|
|||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
"slices"
|
||||
"time"
|
||||
|
||||
|
@ -151,15 +152,24 @@ import (
|
|||
// description: bad request
|
||||
func (m *Module) StreamGETHandler(c *gin.Context) {
|
||||
var (
|
||||
account *gtsmodel.Account
|
||||
errWithCode gtserror.WithCode
|
||||
token string
|
||||
tokenInHeader bool
|
||||
account *gtsmodel.Account
|
||||
errWithCode gtserror.WithCode
|
||||
)
|
||||
|
||||
// Try query param access token.
|
||||
token := c.Query(AccessTokenQueryKey)
|
||||
if token == "" {
|
||||
// Try fallback HTTP header provided token.
|
||||
token = c.GetHeader(AccessTokenHeader)
|
||||
if t := c.Query(AccessTokenQueryKey); t != "" {
|
||||
// Token was provided as
|
||||
// query param, no problem.
|
||||
token = t
|
||||
} else if t := c.GetHeader(AccessTokenHeader); t != "" {
|
||||
// Token was provided in "Sec-Websocket-Protocol" header.
|
||||
//
|
||||
// This is hacky and not technically correct but some
|
||||
// clients do it since Mastodon allows it, so we must
|
||||
// also allow it to avoid breaking expectations.
|
||||
token = t
|
||||
tokenInHeader = true
|
||||
}
|
||||
|
||||
if token != "" {
|
||||
|
@ -230,7 +240,16 @@ func (m *Module) StreamGETHandler(c *gin.Context) {
|
|||
//
|
||||
// If the upgrade fails, then Upgrade replies to the client
|
||||
// with an HTTP error response.
|
||||
wsConn, err := m.wsUpgrade.Upgrade(c.Writer, c.Request, nil)
|
||||
var responseHeader http.Header
|
||||
if tokenInHeader {
|
||||
// Return the token in the response,
|
||||
// else Chrome fails to connect.
|
||||
//
|
||||
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Protocol_upgrade_mechanism#sec-websocket-protocol
|
||||
responseHeader = http.Header{AccessTokenHeader: {token}}
|
||||
}
|
||||
|
||||
wsConn, err := m.wsUpgrade.Upgrade(c.Writer, c.Request, responseHeader)
|
||||
if err != nil {
|
||||
l.Errorf("error upgrading websocket connection: %v", err)
|
||||
stream.Close()
|
||||
|
|
|
@ -22,7 +22,7 @@ import (
|
|||
"encoding/base64"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
|
@ -236,7 +236,7 @@ func (suite *StreamingTestSuite) TestSecurityHeader() {
|
|||
|
||||
result := recorder.Result()
|
||||
defer result.Body.Close()
|
||||
b, err := ioutil.ReadAll(result.Body)
|
||||
b, err := io.ReadAll(result.Body)
|
||||
suite.NoError(err)
|
||||
|
||||
// check response
|
||||
|
|
Loading…
Reference in a new issue