The code snippet below is the implementation of the verifyServerHandshakeHeaders method found in WebSocketHandshake.java.
    public void verifyServerHandshakeHeaders(HashMap<String, String> headers) {
        if (!headers.get("Upgrade").toLowerCase(Locale.US).equals("websocket")) {
            throw new WebSocketException("connection failed: missing header field in server handshake: Upgrade");
        } else if (!headers.get("Connection").toLowerCase(Locale.US).equals("upgrade")) {
            throw new WebSocketException("connection failed: missing header field in server handshake: Connection");
        }
    }
As you can see, if the server does not include the Upgrade HTTP header in the response of the opening handshake (RFC 6455, 4. Opening Handshake), this code raises a NullPointerException.
In addition, since the headers instance passed to this method is created by new HashMap<String, String>() (WebSocket.java:360), the HTTP headers sent from the server must be case sensitive, although the HTTP specification says: "Field names are case-insensitive" (RFC 2616, 4.2 Message Headers). Therefore, for example, if the server sends the Upgrade HTTP header in all uppercase letters such as UPGRADE, TubeSock throws a NullPointerException, although the server behavior is correct.
The headers instance must be created by
    new TreeMap<String, List<String>>(String.CASE_INSENSITIVE_ORDER)
as I indicated in a specific place.
The TubeSock WebSocket implementation does not even check the Sec-WebSocket-Accept header, although verification is required by RFC 6455. See RFC 6455, 4.1. Client Requirements.
Takahiko Kawasaki
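An added example (not TubeSock's code and not from the answer's author) of the three checks discussed above: case-insensitive header lookup, an explicit error for a missing header in place of the NullPointerException, and Sec-WebSocket-Accept verification. The class and method names are hypothetical, IllegalStateException stands in for the project's WebSocketException, a single-valued map is used for brevity, and java.util.Base64 assumes Java 8 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;

public class HandshakeCheck {
    // GUID fixed by RFC 6455 for deriving Sec-WebSocket-Accept from Sec-WebSocket-Key.
    static final String GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";

    static String expectedAccept(String key) throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        byte[] digest = sha1.digest((key + GUID).getBytes(StandardCharsets.US_ASCII));
        return Base64.getEncoder().encodeToString(digest);
    }

    // headers must be a case-insensitive map; key is the Sec-WebSocket-Key the client sent.
    static void verify(Map<String, String> headers, String key) throws NoSuchAlgorithmException {
        requireToken(headers, "Upgrade", "websocket");
        requireToken(headers, "Connection", "upgrade");
        String accept = headers.get("Sec-WebSocket-Accept");
        if (accept == null || !MessageDigest.isEqual(
                accept.trim().getBytes(StandardCharsets.US_ASCII),
                expectedAccept(key).getBytes(StandardCharsets.US_ASCII))) {
            throw new IllegalStateException("handshake failed: bad Sec-WebSocket-Accept");
        }
    }

    // Null-safe check: accepts any comma-separated token matching want, ignoring case.
    static void requireToken(Map<String, String> h, String name, String want) {
        String v = h.get(name);
        if (v == null) throw new IllegalStateException("handshake failed: missing " + name);
        for (String t : v.split(",")) {
            if (t.trim().toLowerCase(Locale.US).equals(want)) return;
        }
        throw new IllegalStateException("handshake failed: unexpected " + name + ": " + v);
    }

    public static void main(String[] args) throws Exception {
        // Constructed response headers; key and accept are the sample values from RFC 6455.
        Map<String, String> h = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        h.put("UPGRADE", "WebSocket");
        h.put("connection", "Upgrade");
        h.put("SEC-WEBSOCKET-ACCEPT", "s3pPLMBiTxaQ9kYGzzhZRbK+xOo=");
        verify(h, "dGhlIHNhbXBsZSBub25jZQ==");
        System.out.println("handshake accepted");
    }
}
```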