From: Jorma Tähtinen <Jorma.Tahtinen@digia.com>
Date: Wed, 6 Aug 2014 13:12:54 +0000 (+0300)
Subject: Fix QWebSocketServer for clients preferring lowercase http headers.
X-Git-Tag: v5.4.0-beta1~2
X-Git-Url: http://review.tizen.org/git/?p=contrib%2Fqtwebsockets.git;a=commitdiff_plain;h=ea22c846b285ee4f71efc0fc050a4759880433a8

Fix QWebSocketServer for clients preferring lowercase http headers.

QWebSocketServer should not use case-sensitive compare to validate
http headers for incoming connections.

Change-Id: Ie7b8a9f6ca1a0b547eb7a924f6392395f812b0e3
Task-number: QTBUG-40615
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
---

diff --git a/src/websockets/qwebsockethandshakerequest.cpp b/src/websockets/qwebsockethandshakerequest.cpp
index c71984f..2476a81 100644
--- a/src/websockets/qwebsockethandshakerequest.cpp
+++ b/src/websockets/qwebsockethandshakerequest.cpp
@@ -218,11 +218,11 @@ void QWebSocketHandshakeRequest::readHandshake(QTextStream &textStream)
             clear();
             return;
         }
-        m_headers.insertMulti(headerField.at(0), headerField.at(1));
+        m_headers.insertMulti(headerField.at(0).toLower(), headerField.at(1));
         headerLine = textStream.readLine();
     }
 
-    const QString host = m_headers.value(QStringLiteral("Host"), QString());
+    const QString host = m_headers.value(QStringLiteral("host"), QString());
     m_requestUrl = QUrl::fromEncoded(resourceName.toLatin1());
     if (m_requestUrl.isRelative())
         m_requestUrl.setHost(host);
@@ -231,7 +231,7 @@ void QWebSocketHandshakeRequest::readHandshake(QTextStream &textStream)
         m_requestUrl.setScheme(scheme);
     }
 
-    const QStringList versionLines = m_headers.values(QStringLiteral("Sec-WebSocket-Version"));
+    const QStringList versionLines = m_headers.values(QStringLiteral("sec-websocket-version"));
     for (QStringList::const_iterator v = versionLines.begin(); v != versionLines.end(); ++v) {
         const QStringList versions = (*v).split(QStringLiteral(","), QString::SkipEmptyParts);
         for (QStringList::const_iterator i = versions.begin(); i != versions.end(); ++i) {
@@ -248,11 +248,11 @@ void QWebSocketHandshakeRequest::readHandshake(QTextStream &textStream)
     }
     //sort in descending order
     std::sort(m_versions.begin(), m_versions.end(), std::greater<QWebSocketProtocol::Version>());
-    m_key = m_headers.value(QStringLiteral("Sec-WebSocket-Key"), QString());
+    m_key = m_headers.value(QStringLiteral("sec-websocket-key"), QString());
     //must contain "Upgrade", case-insensitive
-    const QString upgrade = m_headers.value(QStringLiteral("Upgrade"), QString());
+    const QString upgrade = m_headers.value(QStringLiteral("upgrade"), QString());
     //must be equal to "websocket", case-insensitive
-    const QString connection = m_headers.value(QStringLiteral("Connection"), QString());
+    const QString connection = m_headers.value(QStringLiteral("connection"), QString());
     const QStringList connectionLine = connection.split(QStringLiteral(","),
                                                         QString::SkipEmptyParts);
     QStringList connectionValues;
@@ -260,14 +260,14 @@ void QWebSocketHandshakeRequest::readHandshake(QTextStream &textStream)
         connectionValues << (*c).trimmed();
 
     //optional headers
-    m_origin = m_headers.value(QStringLiteral("Sec-WebSocket-Origin"), QString());
-    const QStringList protocolLines = m_headers.values(QStringLiteral("Sec-WebSocket-Protocol"));
+    m_origin = m_headers.value(QStringLiteral("sec-websocket-origin"), QString());
+    const QStringList protocolLines = m_headers.values(QStringLiteral("sec-websocket-protocol"));
     for (QStringList::const_iterator pl = protocolLines.begin(); pl != protocolLines.end(); ++pl) {
         QStringList protocols = (*pl).split(QStringLiteral(","), QString::SkipEmptyParts);
         for (QStringList::const_iterator p = protocols.begin(); p != protocols.end(); ++p)
             m_protocols << (*p).trimmed();
     }
-    const QStringList extensionLines = m_headers.values(QStringLiteral("Sec-WebSocket-Extensions"));
+    const QStringList extensionLines = m_headers.values(QStringLiteral("sec-websocket-extensions"));
     for (QStringList::const_iterator el = extensionLines.begin();
          el != extensionLines.end(); ++el) {
         QStringList extensions = (*el).split(QStringLiteral(","), QString::SkipEmptyParts);
diff --git a/tests/auto/handshakerequest/tst_handshakerequest.cpp b/tests/auto/handshakerequest/tst_handshakerequest.cpp
index 6e26af4..3e6ec40 100644
--- a/tests/auto/handshakerequest/tst_handshakerequest.cpp
+++ b/tests/auto/handshakerequest/tst_handshakerequest.cpp
@@ -275,11 +275,11 @@ void tst_HandshakeRequest::tst_multipleVersions()
     QCOMPARE(request.extensions().length(), 0);
     QCOMPARE(request.protocols().length(), 0);
     QCOMPARE(request.headers().size(), 5);
-    QVERIFY(request.headers().contains(QStringLiteral("Host")));
-    QVERIFY(request.headers().contains(QStringLiteral("Sec-WebSocket-Version")));
-    QVERIFY(request.headers().contains(QStringLiteral("Sec-WebSocket-Key")));
-    QVERIFY(request.headers().contains(QStringLiteral("Upgrade")));
-    QVERIFY(request.headers().contains(QStringLiteral("Connection")));
+    QVERIFY(request.headers().contains(QStringLiteral("host")));
+    QVERIFY(request.headers().contains(QStringLiteral("sec-websocket-version")));
+    QVERIFY(request.headers().contains(QStringLiteral("sec-websocket-key")));
+    QVERIFY(request.headers().contains(QStringLiteral("upgrade")));
+    QVERIFY(request.headers().contains(QStringLiteral("connection")));
     QCOMPARE(request.key(), QStringLiteral("AVDFBDDFF"));
     QCOMPARE(request.origin().length(), 0);
     QCOMPARE(request.requestUrl(), QUrl("ws://foo.com/test"));