Fix QWebSocketServer for clients preferring lowercase http headers.

QWebSocketServer should not use case-sensitive compare to validate http headers for incoming connections. Change-Id: Ie7b8a9f6ca1a0b547eb7a924f6392395f812b0e3 Task-number: QTBUG-40615 Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>

Fix QWebSocketServer for clients preferring lowercase http headers.
QWebSocketServer should not use case-sensitive compare to validate http headers for incoming connections. Change-Id: Ie7b8a9f6ca1a0b547eb7a924f6392395f812b0e3 Task-number: QTBUG-40615 Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
ea22c846 · Jorma Tähtinen · Jędrzej Nowacki · 9924fc0b · ea22c846 · ea22c846
Commit ea22c846 authored 10 years ago by Jorma Tähtinen Committed by Jędrzej Nowacki 10 years ago
--- a/src/websockets/qwebsockethandshakerequest.cpp
+++ b/src/websockets/qwebsockethandshakerequest.cpp
@@ -218,11 +218,11 @@ void QWebSocketHandshakeRequest::readHandshake(QTextStream &textStream)
            clear();
            return;
        }
-        m_headers.insertMulti(headerField.at(0), headerField.at(1));
+        m_headers.insertMulti(headerField.at(0).toLower(), headerField.at(1));
        headerLine = textStream.readLine();
    }
-    const QString host = m_headers.value(QStringLiteral("Host"), QString());
+    const QString host = m_headers.value(QStringLiteral("host"), QString());
    m_requestUrl = QUrl::fromEncoded(resourceName.toLatin1());
    if (m_requestUrl.isRelative())
        m_requestUrl.setHost(host);
@@ -231,7 +231,7 @@ void QWebSocketHandshakeRequest::readHandshake(QTextStream &textStream)
        m_requestUrl.setScheme(scheme);
    }
-    const QStringList versionLines = m_headers.values(QStringLiteral("Sec-WebSocket-Version"));
+    const QStringList versionLines = m_headers.values(QStringLiteral("sec-websocket-version"));
    for (QStringList::const_iterator v = versionLines.begin(); v != versionLines.end(); ++v) {
        const QStringList versions = (*v).split(QStringLiteral(","), QString::SkipEmptyParts);
        for (QStringList::const_iterator i = versions.begin(); i != versions.end(); ++i) {
@@ -248,11 +248,11 @@ void QWebSocketHandshakeRequest::readHandshake(QTextStream &textStream)
    }
    //sort in descending order
    std::sort(m_versions.begin(), m_versions.end(), std::greater<QWebSocketProtocol::Version>());
-    m_key = m_headers.value(QStringLiteral("Sec-WebSocket-Key"), QString());
+    m_key = m_headers.value(QStringLiteral("sec-websocket-key"), QString());
    //must contain "Upgrade", case-insensitive
-    const QString upgrade = m_headers.value(QStringLiteral("Upgrade"), QString());
+    const QString upgrade = m_headers.value(QStringLiteral("upgrade"), QString());
    //must be equal to "websocket", case-insensitive
-    const QString connection = m_headers.value(QStringLiteral("Connection"), QString());
+    const QString connection = m_headers.value(QStringLiteral("connection"), QString());
    const QStringList connectionLine = connection.split(QStringLiteral(","),
                                                        QString::SkipEmptyParts);
    QStringList connectionValues;
@@ -260,14 +260,14 @@ void QWebSocketHandshakeRequest::readHandshake(QTextStream &textStream)
        connectionValues << (*c).trimmed();
    //optional headers
-    m_origin = m_headers.value(QStringLiteral("Sec-WebSocket-Origin"), QString());
+    m_origin = m_headers.value(QStringLiteral("sec-websocket-origin"), QString());
-    const QStringList protocolLines = m_headers.values(QStringLiteral("Sec-WebSocket-Protocol"));
+    const QStringList protocolLines = m_headers.values(QStringLiteral("sec-websocket-protocol"));
    for (QStringList::const_iterator pl = protocolLines.begin(); pl != protocolLines.end(); ++pl) {
        QStringList protocols = (*pl).split(QStringLiteral(","), QString::SkipEmptyParts);
        for (QStringList::const_iterator p = protocols.begin(); p != protocols.end(); ++p)
            m_protocols << (*p).trimmed();
    }
-    const QStringList extensionLines = m_headers.values(QStringLiteral("Sec-WebSocket-Extensions"));
+    const QStringList extensionLines = m_headers.values(QStringLiteral("sec-websocket-extensions"));
    for (QStringList::const_iterator el = extensionLines.begin();
         el != extensionLines.end(); ++el) {
        QStringList extensions = (*el).split(QStringLiteral(","), QString::SkipEmptyParts);

--- a/tests/auto/handshakerequest/tst_handshakerequest.cpp
+++ b/tests/auto/handshakerequest/tst_handshakerequest.cpp
@@ -275,11 +275,11 @@ void tst_HandshakeRequest::tst_multipleVersions()
    QCOMPARE(request.extensions().length(), 0);
    QCOMPARE(request.protocols().length(), 0);
    QCOMPARE(request.headers().size(), 5);
-    QVERIFY(request.headers().contains(QStringLiteral("Host")));
+    QVERIFY(request.headers().contains(QStringLiteral("host")));
-    QVERIFY(request.headers().contains(QStringLiteral("Sec-WebSocket-Version")));
+    QVERIFY(request.headers().contains(QStringLiteral("sec-websocket-version")));
-    QVERIFY(request.headers().contains(QStringLiteral("Sec-WebSocket-Key")));
+    QVERIFY(request.headers().contains(QStringLiteral("sec-websocket-key")));
-    QVERIFY(request.headers().contains(QStringLiteral("Upgrade")));
+    QVERIFY(request.headers().contains(QStringLiteral("upgrade")));
-    QVERIFY(request.headers().contains(QStringLiteral("Connection")));
+    QVERIFY(request.headers().contains(QStringLiteral("connection")));
    QCOMPARE(request.key(), QStringLiteral("AVDFBDDFF"));
    QCOMPARE(request.origin().length(), 0);
    QCOMPARE(request.requestUrl(), QUrl("ws://foo.com/test"));