Fix HTTP/2 CONNECT WebSocket upgrades (RFC 8441)

spring-projects · Feb 3, 2025 · e2bf022 · e2bf022
1 parent f477c16
commit e2bf022
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 15 deletions.
diff --git a/spring-websocket/src/main/java/org/springframework/web/socket/WebSocketHttpHeaders.java b/spring-websocket/src/main/java/org/springframework/web/socket/WebSocketHttpHeaders.java
@@ -151,7 +151,7 @@ public void setSecWebSocketProtocol(List<String> secWebSocketProtocols) {
 	}
 
 	/**
-	 * Returns the value of the {@code Sec-WebSocket-Key} header.
+	 * Returns the value of the {@code Sec-WebSocket-Protocol} header.
 	 * @return the value of the header
 	 */
 	public List<String> getSecWebSocketProtocol() {

diff --git a/...src/main/java/org/springframework/web/socket/server/support/AbstractHandshakeHandler.java b/...src/main/java/org/springframework/web/socket/server/support/AbstractHandshakeHandler.java
@@ -215,21 +215,23 @@ public final boolean doHandshake(ServerHttpRequest request, ServerHttpResponse r
 		}
 		try {
 			HttpMethod httpMethod = request.getMethod();
-			if (HttpMethod.GET != httpMethod && CONNECT_METHOD != httpMethod) {
+			if (HttpMethod.GET != httpMethod && !CONNECT_METHOD.equals(httpMethod)) {
 				response.setStatusCode(HttpStatus.METHOD_NOT_ALLOWED);
 				response.getHeaders().setAllow(Set.of(HttpMethod.GET, CONNECT_METHOD));
 				if (logger.isErrorEnabled()) {
 					logger.error("Handshake failed due to unexpected HTTP method: " + httpMethod);
 				}
 				return false;
 			}
-			if (!"WebSocket".equalsIgnoreCase(headers.getUpgrade())) {
-				handleInvalidUpgradeHeader(request, response);
-				return false;
-			}
-			if (!headers.getConnection().contains("Upgrade") && !headers.getConnection().contains("upgrade")) {
-				handleInvalidConnectHeader(request, response);
-				return false;
+			if (HttpMethod.GET == httpMethod) {
+				if (!"WebSocket".equalsIgnoreCase(headers.getUpgrade())) {
+					handleInvalidUpgradeHeader(request, response);
+					return false;
+				}
+				if (!headers.getConnection().contains("Upgrade") && !headers.getConnection().contains("upgrade")) {
+					handleInvalidConnectHeader(request, response);
+					return false;
+				}
 			}
 			if (!isWebSocketVersionSupported(headers)) {
 				handleWebSocketVersionNotSupported(request, response);
@@ -239,13 +241,15 @@ public final boolean doHandshake(ServerHttpRequest request, ServerHttpResponse r
 				response.setStatusCode(HttpStatus.FORBIDDEN);
 				return false;
 			}
-			String wsKey = headers.getSecWebSocketKey();
-			if (wsKey == null) {
-				if (logger.isErrorEnabled()) {
-					logger.error("Missing \"Sec-WebSocket-Key\" header");
+			if (HttpMethod.GET == httpMethod) {
+				String wsKey = headers.getSecWebSocketKey();
+				if (wsKey == null) {
+					if (logger.isErrorEnabled()) {
+						logger.error("Missing \"Sec-WebSocket-Key\" header");
+					}
+					response.setStatusCode(HttpStatus.BAD_REQUEST);
+					return false;
 				}
-				response.setStatusCode(HttpStatus.BAD_REQUEST);
-				return false;
 			}
 		}
 		catch (IOException ex) {