do not echo back full request headers on http-upgrade
mpenet committed Dec 1, 2023
1 parent aee1be8 commit 7f91b61
Showing 1 changed file with 7 additions and 9 deletions.
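--- a/src/s_exp/hirundo/websocket/listener.clj
+++ b/src/s_exp/hirundo/websocket/listener.clj
@@ -33,17 +33,16 @@
 
 (defn- header-negotiate
 [headers allowed-values header-name]
-(if (seq allowed-values)
+(when (seq allowed-values)
 (if-let [selected-value (reduce (fn [_ x]
 (when (contains? allowed-values x)
 (reduced x)))
 nil
 (some-> (get headers header-name)
 split-header-value))]
-(assoc headers header-name selected-value)
+{header-name selected-value}
 (throw (WsUpgradeException. (format "Failed negotiation for %s"
-header-name))))
-headers))
+header-name))))))
 
 (defn negotiate-subprotocols!
 [headers allowed-sub-protocols]
@@ -61,9 +60,10 @@
 [{:as ring-request
 ::keys [allowed-subprotocols
 allowed-extensions]}]
-(-> (:headers ring-request)
-(negotiate-subprotocols! allowed-subprotocols)
-(negotiate-extensions! allowed-extensions)))
+(merge (negotiate-subprotocols! (:headers ring-request)
+allowed-subprotocols)
+(negotiate-extensions! (:headers ring-request)
+allowed-extensions)))
 
 (defn headers-response [headers-map]
 (let [wh (WritableHeaders/create)]
@@ -116,5 +116,3 @@
 (if http-upgrade
 (http-upgrade ring-request)
 (http-upgrade-default ring-request))))))))
-
-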
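Review bot: `header-negotiate` now returns nil when `allowed-values` is empty, so the `merge` in the second hunk (presumably the body of `http-upgrade-default`, whose head is outside the hunk) yields nil when neither allow-list is configured. It is worth confirming that `headers-response`, whose body is also cut off here, accepts a nil map, or guarding with `(or (merge ...) {})`. The new contract deserves a docstring on `header-negotiate`, for example `"Returns {header-name selected-value} for the first client-offered value present in allowed-values, nil when allowed-values is empty; never returns request headers."`, because the security property of this commit is that only an allow-listed value from the request reaches the upgrade response. A caller-supplied `http-upgrade` function in the last hunk still receives the whole `ring-request`, so its documentation should state that it must return response headers only. A regression test asserting that request headers such as `cookie` and `authorization` are absent from the upgrade response would pin the fix.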

