[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[elpa] externals/websocket 28e55d5654 015/114: Fix misuse of same-origin
|
From: |
ELPA Syncer |
|
Subject: |
[elpa] externals/websocket 28e55d5654 015/114: Fix misuse of same-origin policy |
|
Date: |
Wed, 15 Feb 2023 20:58:56 -0500 (EST) |
branch: externals/websocket
commit 28e55d565474af0f3ec7abb42daa4bc4a3ea2b4e
Author: Andrew Hyatt <ahyatt@gmail.com>
Commit: Andrew Hyatt <ahyatt@gmail.com>
Fix misuse of same-origin policy
Due to a misapplication of the websocket RFC, we were sending the
system name as the origin, instead of the hostname. It turns out that
it should be fine not to even send the origin at all, since there's not
a possibility of cross-origin issues with emacs.
---
websocket-test.el | 6 +-----
websocket.el | 2 --
2 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/websocket-test.el b/websocket-test.el
index e51d440069..442710bfdb 100644
--- a/websocket-test.el
+++ b/websocket-test.el
@@ -193,12 +193,10 @@
(websocket-negotiated-extensions ws-with-extensions)))))
(ert-deftest websocket-create-headers ()
- (let ((system-name "mysystem")
- (base-headers (concat "Host: www.example.com\r\n"
+ (let ((base-headers (concat "Host: www.example.com\r\n"
"Upgrade: websocket\r\n"
"Connection: Upgrade\r\n"
"Sec-WebSocket-Key: key\r\n"
- "Origin: mysystem\r\n"
"Sec-WebSocket-Version: 13\r\n")))
(should (equal (concat base-headers "\r\n")
(websocket-create-headers "ws://www.example.com/path"
@@ -423,7 +421,6 @@
(upgrade "Upgrade: websocket")
(key (format "Sec-Websocket-Key: %s" "key"))
(version "Sec-Websocket-Version: 13")
- (origin "Origin: origin")
(protocol "Sec-Websocket-Protocol: protocol")
(extensions1 "Sec-Websocket-Extensions: foo")
(extensions2 "Sec-Websocket-Extensions: bar; baz=2")
@@ -529,7 +526,6 @@
"Upgrade: websocket\r\n"
"Connection: Upgrade\r\n"
"Sec-WebSocket-Key:
dGhlIHNhbXBsZSBub25jZQ==\r\n"
- "Origin: http://example.com\r\n";
"Sec-WebSocket-Protocol: chat,
superchat\r\n"
"Sec-WebSocket-Version: 13\r\n"))))
(should header-info)
diff --git a/websocket.el b/websocket.el
index 72c1fd5dd0..a62c40b66a 100644
--- a/websocket.el
+++ b/websocket.el
@@ -856,7 +856,6 @@ These are defined as in `websocket-open'."
"Upgrade: websocket\r\n"
"Connection: Upgrade\r\n"
"Sec-WebSocket-Key: %s\r\n"
- "Origin: %s\r\n"
"Sec-WebSocket-Version: 13\r\n"
(when protocol
(concat
@@ -876,7 +875,6 @@ These are defined as in `websocket-open'."
"\r\n")
(url-host (url-generic-parse-url url))
key
- system-name
protocol))
(defun websocket-get-server-response (websocket client-protocols
client-extensions)
- [elpa] externals/websocket 2bfc3036f6 004/114: Handle on-close for all varieties of websocket closings., (continued)
- [elpa] externals/websocket 2bfc3036f6 004/114: Handle on-close for all varieties of websocket closings., ELPA Syncer, 2023/02/15
- [elpa] externals/websocket 0dd3175fa7 003/114: Fix tests to handle extra argument to websocket-encode-frame., ELPA Syncer, 2023/02/15
- [elpa] externals/websocket 5f7decd210 006/114: Fix for on-close in websocket test, ELPA Syncer, 2023/02/15
- [elpa] externals/websocket 4ca9d4d32a 009/114: Set the version to 1.2, after the last set of server changes., ELPA Syncer, 2023/02/15
- [elpa] externals/websocket f902bc04db 010/114: * websocket.el: Fix process-coding-system for client connections., ELPA Syncer, 2023/02/15
- [elpa] externals/websocket 6da0627a10 002/114: Correctly set websocket-server-p, and don't mask server communication., ELPA Syncer, 2023/02/15
- [elpa] externals/websocket ee7797234b 012/114: * websocket.el: Throw clear error when connection cannot be made., ELPA Syncer, 2023/02/15
- [elpa] externals/websocket ef975a91f1 008/114: Restore a bit of testing I accidentally deleted., ELPA Syncer, 2023/02/15
- [elpa] externals/websocket 8d0ca79cd3 036/114: Have functional test use :host 'local, ELPA Syncer, 2023/02/15
- [elpa] externals/websocket 97b7418dae 013/114: Permit non-numeric port number in websocket-server, ELPA Syncer, 2023/02/15
- [elpa] externals/websocket 28e55d5654 015/114: Fix misuse of same-origin policy,
ELPA Syncer <=
- [elpa] externals/websocket b9ae25843a 016/114: Fix breaking test., ELPA Syncer, 2023/02/15
- [elpa] externals/websocket 01c8d98f69 011/114: * websocket.el: Remove use of buffers in connections. This simplifies, ELPA Syncer, 2023/02/15
- [elpa] externals/websocket 111febe203 020/114: Fix `websocket-version': update to 1.3, ELPA Syncer, 2023/02/15
- [elpa] externals/websocket 9aad2f754f 022/114: Add supports for <32 bit emacs., ELPA Syncer, 2023/02/15
- [elpa] externals/websocket dba6893ec5 023/114: Bump version to 1.4, ELPA Syncer, 2023/02/15
- [elpa] externals/websocket 965fac0fe5 027/114: add markdown preview mode, ELPA Syncer, 2023/02/15
- [elpa] externals/websocket 49a93b2218 028/114: Merge pull request #39 from ancane/master, ELPA Syncer, 2023/02/15
- [elpa] externals/websocket 90b9f03da0 029/114: Correctly parse fragmented HTTP header, ELPA Syncer, 2023/02/15
- [elpa] externals/websocket 8299e57a4c 033/114: Function test improvements for Windows: SIGSTP, ELPA Syncer, 2023/02/15
- [elpa] externals/websocket 4f8ddb64bc 034/114: Merge pull request #43 from chwarr/func-test-windows-sigstp, ELPA Syncer, 2023/02/15