ARI: Fix WebSocket response when subprotocol isn't specified

When I moved the ARI WebSocket from /ws to /ari/events, I added code to
allow a WebSocket to connect without specifying the subprotocol if
there's only one subprotocol handler registered for the WebSocket.

Naively, I coded it to always respond with the subprotocol in use.
Unfortunately, according to RFC 6455, if the server's response includes
a subprotocol header field that "indicates the use of a subprotocol that
was not present in the client's handshake [...], the client MUST _Fail
the WebSocket Connection_.", emphasis theirs.

This patch correctly omits the Sec-WebSocket-Protocol if one is not
specified by the client.

(closes issue ASTERISK-22441)
Review: https://reviewboard.asterisk.org/r/2828/

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/12@399039 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c
index b03745e6f764986928a15b8bc544bdb219d20139..66a6edef177d6c521018ea5247519ff4fb0933ab 100644 (file)
--- a/res/res_http_websocket.c
+++ b/res/res_http_websocket.c
@@ -645,11 +645,25 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan
                fprintf(ser->f, "HTTP/1.1 101 Switching Protocols\r\n"
                        "Upgrade: %s\r\n"
                        "Connection: Upgrade\r\n"
-                       "Sec-WebSocket-Accept: %s\r\n"
-                       "Sec-WebSocket-Protocol: %s\r\n\r\n",
+                       "Sec-WebSocket-Accept: %s\r\n",
                        upgrade,
-                       base64,
-                       protocol_handler->name);
+                       base64);
+
+               /* RFC 6455, Section 4.1:
+                *
+                * 6. If the response includes a |Sec-WebSocket-Protocol| header
+                *    field and this header field indicates the use of a
+                *    subprotocol that was not present in the client's handshake
+                *    (the server has indicated a subprotocol not requested by
+                *    the client), the client MUST _Fail the WebSocket
+                *    Connection_.
+                */
+               if (protocol) {
+                       fprintf(ser->f, "Sec-WebSocket-Protocol: %s\r\n",
+                               protocol);
+               }
+
+               fprintf(ser->f, "\r\n");
        } else {
 
                /* Specification defined in http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-75 or completely unknown */