Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issue #3462 - websocket upgrade request valdiation #3470

Conversation

lachlan-roberts
Copy link
Contributor

@lachlan-roberts lachlan-roberts commented Mar 18, 2019

#3462

properly validate subprotocol and extensions on both the server and client sides.

if an upgrade response is being sent or received:

  • all negotiated extensions were present in the offered extensions of the request
  • if a subprotocol is selected make sure it exists in the offered subprotocols
  • if a subprotocol was not selected make sure no subprotocols were offered

Signed-off-by: lachan-roberts <lachlan@webtide.com>
Signed-off-by: lachan-roberts <lachlan@webtide.com>
…otocol

Signed-off-by: lachan-roberts <lachlan@webtide.com>
…ry time

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
…-3462-websocketclient-validation

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
@lachlan-roberts lachlan-roberts force-pushed the jetty-10.0.x-3462-websocketclient-validation branch from 719a358 to 403bdb7 Compare March 19, 2019 00:54
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
@gregw gregw merged commit f037258 into jetty:jetty-10.0.x Mar 19, 2019
@lachlan-roberts lachlan-roberts deleted the jetty-10.0.x-3462-websocketclient-validation branch July 1, 2019 08:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants