fix(server): fix header check for socket server

[knagaitsev]

• This is a bugfix
• This is a feature
• This is a code refactor
• This is a test update
• This is a docs update
• This is a metadata update

For Bugs and Features; did you add new tests?

Not yet

Motivation / Use-Case

Headers are not passed in the same way on connection for ws and sockjs, so the socket server implementation needs to reflect that, then the server can check the headers.

Breaking Changes

None

Additional Info

[codecov]

Codecov Report

Merging #2077 into master will increase coverage by 0.35%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #2077      +/-   ##
==========================================
+ Coverage   92.92%   93.27%   +0.35%     
==========================================
  Files          32       32              
  Lines        1201     1205       +4     
  Branches      335      333       -2     
==========================================
+ Hits         1116     1124       +8     
+ Misses         81       77       -4     
  Partials        4        4

Impacted Files	Coverage Δ
lib/Server.js	93.62% <100%> (+0.84%)	⬆️
lib/servers/WebsocketServer.js	94.11% <100%> (+1.26%)	⬆️
lib/servers/SockJSServer.js	96.66% <100%> (+0.37%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 96b5ab9...e0b0027. Read the comment docs.

[alexander-akait]

Why we need this?

[knagaitsev]

@evilebottnawi As I say later, I want to not assume anything about the connection object. Probably most connection objects will work like connection.on('close', f), which is the case with both sockjs and ws. But maybe some other library implements it like connection.onclose = f.

[alexander-akait]

Why not use only connection?

[knagaitsev]

@evilebottnawi Because ws connection object does not work the same, it does not have a headers property (https://github.com/webpack/webpack-dev-server/pull/2077/files#diff-b111fb9e1bc06a00edb8d0416cabf86dR33). The goal is to not assume anything about the connection object, since it could differ between socket server types.

[alexander-akait]

connection already has headers, i think we don't need extra argument

[alexander-akait]

Only questions

[alexander-akait]

/cc @hiroppy

[knagaitsev]

/cc @evilebottnawi @hiroppy please review this first because it is needed for ws mode to work

[alexander-akait]

/cc @hiroppy

[alexander-akait]

/cc @hiroppy feel free to merge when CI green, i am on mobile

[sokra]

This looks like it's too easy to accidentally skip the security check.

Maybe changing it to if (!headers || ...

[knagaitsev]

@sokra Good point. I think if users do not implement onConnection correctly though, it will be hard to figure out what is wrong. Maybe before that I'll log a warning if headers are missing.

[alexander-akait]

@Loonride it should be no warning, we should drop connection if headers are not present

[knagaitsev]

@evilebottnawi If !headers is true it means that the user made a socket server implementation that did not call the onConnection(f) callback correctly, so I think that could cause confusion if there is little explanation for failed connection. Let me send a PR and I'll show you what I mean

[alexander-akait]

👍

[alexander-akait]

/cc @Loonride