fix(ext/http): allow multiple values in upgrade header for websocket (d…

…enoland#12551)

Co-authored-by: Aaron O'Mullan <[email protected]>

cli/tests/unit/http_test.ts

@@ -726,10 +726,10 @@ unitTest(function httpUpgradeWebSocket() {
  );
 });
 
-unitTest(function httpUpgradeWebSocketLowercaseUpgradeHeader() {
+unitTest(function httpUpgradeWebSocketMultipleConnectionOptions() {
  const request = new Request("https://deno.land/", {
  headers: {
- connection: "upgrade",
+ connection: "keep-alive, upgrade",
  upgrade: "websocket",
  "sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==",
  },
@@ -738,11 +738,11 @@ unitTest(function httpUpgradeWebSocketLowercaseUpgradeHeader() {
  assertEquals(response.status, 101);
 });
 
-unitTest(function httpUpgradeWebSocketMultipleConnectionOptions() {
+unitTest(function httpUpgradeWebSocketMultipleUpgradeOptions() {
  const request = new Request("https://deno.land/", {
  headers: {
- connection: "keep-alive, upgrade",
- upgrade: "websocket",
+ connection: "upgrade",
+ upgrade: "websocket, foo",
  "sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==",
  },
  });
@@ -754,7 +754,7 @@ unitTest(function httpUpgradeWebSocketCaseInsensitiveUpgradeHeader() {
  const request = new Request("https://deno.land/", {
  headers: {
  connection: "upgrade",
- upgrade: "websocket",
+ upgrade: "Websocket",
  "sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==",
  },
  });
@@ -775,7 +775,7 @@ unitTest(function httpUpgradeWebSocketInvalidUpgradeHeader() {
  Deno.upgradeWebSocket(request);
  },
  TypeError,
- "Invalid Header: 'upgrade' header must be 'websocket'",
+ "Invalid Header: 'upgrade' header must contain 'websocket'",
  );
 });
 
@@ -791,7 +791,7 @@ unitTest(function httpUpgradeWebSocketWithoutUpgradeHeader() {
  Deno.upgradeWebSocket(request);
  },
  TypeError,
- "Invalid Header: 'upgrade' header must be 'websocket'",
+ "Invalid Header: 'upgrade' header must contain 'websocket'",
  );
 });
 

ext/http/01_http.js

@@ -349,9 +349,14 @@
 
  function upgradeWebSocket(request, options = {}) {
  const upgrade = request.headers.get("upgrade");
- if (!upgrade || StringPrototypeToLowerCase(upgrade) !== "websocket") {
+ const upgradeHasWebSocketOption = upgrade !== null &&
+ ArrayPrototypeSome(
+ StringPrototypeSplit(upgrade, /\s*,\s*/),
+ (option) => StringPrototypeToLowerCase(option) === "websocket",
+ );
+ if (!upgradeHasWebSocketOption) {
  throw new TypeError(
- "Invalid Header: 'upgrade' header must be 'websocket'",
+ "Invalid Header: 'upgrade' header must contain 'websocket'",
  );
  }
 
@@ -363,7 +368,7 @@
  );
  if (!connectionHasUpgradeOption) {
  throw new TypeError(
- "Invalid Header: 'connection' header must be 'Upgrade'",
+ "Invalid Header: 'connection' header must contain 'Upgrade'",
  );
  }
 

ext/http/lib.rs

@@ -332,7 +332,9 @@ fn is_websocket_request(req: &hyper::Request<hyper::Body>) -> bool {
  && req.method() == hyper::Method::GET
  && req.headers().contains_key(&SEC_WEBSOCKET_KEY)
  && header(req.headers(), &SEC_WEBSOCKET_VERSION) == b"13"
- && header(req.headers(), &UPGRADE).eq_ignore_ascii_case(b"websocket")
+ && header(req.headers(), &UPGRADE)
+ .split(|c| *c == b' ' || *c == b',')
+ .any(|token| token.eq_ignore_ascii_case(b"websocket"))
  && header(req.headers(), &CONNECTION)
  .split(|c| *c == b' ' || *c == b',')
  .any(|token| token.eq_ignore_ascii_case(b"upgrade"))