This repository was archived by the owner on Sep 20, 2021. It is now read-only.

Malformed header #24

@rokha

Hi,

While working on Hoa\WebSocket I ran into a weird issue where a particular browser instance of Chrome was breaking the socket server for all the connected clients. Upon investigation, we realized that the browser was sending malformed (read: incomplete) headers. We couldn't figure out why, but realized that it should not be a reason for the socket server to break for everyone.

Eventually, we found the reason to be in the _parse function of Hoa\Http at this line.

The header I was receiving had the last line clipped before the `:`, which caused the index to not be available. An example header is:

GET / HTTP/1.1
Host: pr.newsbytesapp.com:8889
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
Origin: http://xx.yyyy.com
Sec-WebSocket-Version: 13
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Cookie: __unam=a56ccef-15471a9429e-452f979a-2504; AMP_ECID_GOOGLE=amp-ABTfroEKKHPPukDuQQc4mzfNOnfBTUtE4njuK5GdQq74kjG_SM0xuErSuvkLS27b; laravel_acl_sentry=eyJpdiI6ImpjaDBoZU9HbmY3RXVPemMzSHJMTVE9PSIsInZhbHVlIjoiSDVlclRjaW1ydlNLYXhsSTRZd0tkQnpEdURySVB2VzQ1Zlgrc1g3ZzdtdnZ6aW1kZmdiblRURDlpR28zYnVhN2pRSUZhbEZybWp0Z2VvMVFuYW9oVHl5RzZodVJOZXJNTmhQaGJwamdIQUJDWFBLRUpadTk0Vkx3M1JtSGlzSUQiLCJtYWMiOiI5MzQxZDQ4Yjg0MGIyNDYyYjU2N2Y1ZDFjOGMyZmE3MTA2ZDA3MzE1NTg3N2EyZWQzYmZhZDA5YThlNzllNzY5In0%3D; _gat=1; laravel_session=eyJpdiI6IkdzcVNcL2g0b0dxZFkyck8wT1wvN09HUT09IiwidmFsdWUiOiIzODYxUk5ZcEZVXC96b1pITnc5TlhwWnJMamVrankrMVhJaVpWZ2NoTXVQSnV5WHJ0MW4yalRnSVpmQlJmQkRQdHhBMGgyVFl5dnVHOW1FK0JZQld1aGc9PSIsIm1hYyI6IjMxNWJmYmU3ZWY2NzNlYjk0NTMwZWVkMjVhYWU1Y2FkMGZlNjU4Y2FkYTYxN2RkYmQ0MDM3NDRiYTFkNTg0NjIifQ%3D%3D; chch-SI=61CB5ABFCAE3FBC75C27A7B22B4EF5D7; chch-PSI=61CB5ABFCAE3FBC75C27A7B22B4EF5D7; _ga=GA1.2.1418394292.1462195799
Sec-WebSocket-Key: TjO2I+f5Q2SB4bxjQ9hDSA==
Sec-WebSocket-Extens

As you can see, Sec-WebSocket-Extensions was missing. I think it is an important issue, as one cannot control client behavior.
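
The failure mode reported above, as an added example that is not part of the original issue and is not Hoa\Http's code: a defensive header parser that rejects a clipped or colon-less header line, so the server can drop that one connection. The function name `parseRequestHead`, the 8192-byte limit and the sample requests are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical strict handshake-header parser (not Hoa\Http's _parse()).
 * Returns [headers, error]; error is null only for a complete, well-formed head.
 */
function parseRequestHead(string $raw, int $maxBytes = 8192): array
{
    // An HTTP head is complete only once the blank line (CRLF CRLF) arrives.
    // A clipped request like the one in the issue never contains it.
    $end = strpos($raw, "\r\n\r\n");
    if ($end === false) {
        return [[], strlen($raw) > $maxBytes ? 'head too large' : 'incomplete head'];
    }

    $lines = explode("\r\n", substr($raw, 0, $end));
    array_shift($lines); // drop the request line ("GET / HTTP/1.1")

    $headers = [];
    foreach ($lines as $line) {
        // Assumed shape of the bug class: splitting on ':' and reading index 1
        // without checking fails when the line has no colon, so check first.
        $parts = explode(':', $line, 2);
        if (count($parts) !== 2 || trim($parts[0]) === '') {
            return [[], 'malformed header line'];
        }
        $headers[strtolower(trim($parts[0]))] = trim($parts[1]);
    }

    return [$headers, null];
}

// Constructed samples modelled on the issue: clipped, colon-less, and complete.
$clipped = "GET / HTTP/1.1\r\nHost: example.test\r\nUpgrade: websocket\r\nSec-WebSocket-Extens";
$noColon = "GET / HTTP/1.1\r\nHost: example.test\r\nSec-WebSocket-Extens\r\n\r\n";
$good    = "GET / HTTP/1.1\r\nHost: example.test\r\nUpgrade: websocket\r\n\r\n";

foreach (['clipped' => $clipped, 'no colon' => $noColon, 'good' => $good] as $label => $raw) {
    [$headers, $error] = parseRequestHead($raw);
    // On error the caller closes only this connection; other clients keep running.
    echo $label, ': ', $error ?? 'ok, ' . count($headers) . ' headers', PHP_EOL;
}
```

An "incomplete head" result means the caller can keep buffering until the size limit or a read timeout is hit, rather than parsing a partial request.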

