Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

debugger: validate sec-websocket-accept response header #39357

Merged
merged 2 commits into from
Jul 18, 2021

Commits on Jul 18, 2021

  1. debugger: validate sec-websocket-accept response header

    This addresses a TODO to validate that the sec-websocket-accept header
    in the WebSocket handshake response is valid. To do this we need to
    append the WebSocket GUID to the original key sent in sec-websocket-key,
    sha1 hash it, and then compare the base64 encoding with the value sent
    in the sec-websocket-accept response header.
    
    If they don't match, an error is thrown.
    
    PR-URL: nodejs#39357
    Refs: nodejs/node-inspect#93
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    copperwall authored and Trott committed Jul 18, 2021
    Configuration menu
    Copy the full SHA
    f52da94 View commit details
    Browse the repository at this point in the history
  2. test: add test for WebSocket secret verification in debugger

    PR-URL: nodejs#39357
    Refs: nodejs/node-inspect#93
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Trott committed Jul 18, 2021
    Configuration menu
    Copy the full SHA
    36bcc29 View commit details
    Browse the repository at this point in the history