TYRUS-434: Origin header value sent by the client needs to start with…

… "http". Change-Id: I0bee0b9e6e04be014ad1375370abb4a327ad88de
facundofarias · Oct 25, 2016 · d86f567 · d86f567
1 parent 33e0b7c
commit d86f567
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 7 deletions.
diff --git a/core/src/main/java/org/glassfish/tyrus/core/Handshake.java b/core/src/main/java/org/glassfish/tyrus/core/Handshake.java
@@ -1,7 +1,7 @@
 /*
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
  *
- * Copyright (c) 2012-2015 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012-2016 Oracle and/or its affiliates. All rights reserved.
  *
  * The contents of this file are subject to the terms of either the GNU
  * General Public License Version 2 only ("GPL") or the Common Development
@@ -209,7 +209,7 @@ public static void updateHostAndOrigin(final UpgradeRequest upgradeRequest) {
 
         Map<String, List<String>> requestHeaders = upgradeRequest.getHeaders();
         requestHeaders.put(UpgradeRequest.HOST, Collections.singletonList(host));
-        requestHeaders.put(UpgradeRequest.ORIGIN_HEADER, Collections.singletonList(host));
+        requestHeaders.put(UpgradeRequest.ORIGIN_HEADER, Collections.singletonList("http://" + host));
     }
 
     /**

diff --git a/...2e/standard-config/src/test/java/org/glassfish/tyrus/test/standard_config/OriginTest.java b/...2e/standard-config/src/test/java/org/glassfish/tyrus/test/standard_config/OriginTest.java
@@ -1,7 +1,7 @@
 /*
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
  *
- * Copyright (c) 2013-2014 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013-2016 Oracle and/or its affiliates. All rights reserved.
  *
  * The contents of this file are subject to the terms of either the GNU
  * General Public License Version 2 only ("GPL") or the Common Development
@@ -67,7 +67,7 @@ public class OriginTest extends TestContainer {
     private static final String SENT_MESSAGE = "Always pass on what you have learned.";
 
     @ServerEndpoint(value = "/echo7", configurator = MyServerConfigurator.class)
-    public static class TestEndpoint {
+    public static class TestEndpointOriginTest1 {
 
         @OnMessage
         public String onMessage(String message) {
@@ -83,9 +83,31 @@ public boolean checkOrigin(String originHeaderValue) {
         }
     }
 
+    @ServerEndpoint(value = "/testEndpointOriginTest2", configurator = AnotherServerConfigurator.class)
+    public static class TestEndpointOriginTest2 {
+
+        @OnMessage
+        public String onMessage(String message) {
+            return message;
+        }
+    }
+
+    public static class AnotherServerConfigurator extends ServerEndpointConfig.Configurator {
+
+        @Override
+        public boolean checkOrigin(String originHeaderValue) {
+
+            if (!originHeaderValue.startsWith("http://")) {
+                return false;
+            } else {
+                return true;
+            }
+        }
+    }
+
     @Test
     public void testInvalidOrigin() throws URISyntaxException, IOException, DeploymentException {
-        Server server = startServer(TestEndpoint.class);
+        Server server = startServer(TestEndpointOriginTest1.class);
 
         try {
             final ClientEndpointConfig cec = ClientEndpointConfig.Builder.create().build();
@@ -96,7 +118,7 @@ public void testInvalidOrigin() throws URISyntaxException, IOException, Deployme
                 @Override
                 public void onOpen(final Session session, EndpointConfig EndpointConfig) {
                 }
-            }, cec, getURI(TestEndpoint.class));
+            }, cec, getURI(TestEndpointOriginTest1.class));
 
             fail("DeploymentException expected.");
         } catch (DeploymentException e) {
@@ -106,4 +128,27 @@ public void onOpen(final Session session, EndpointConfig EndpointConfig) {
             stopServer(server);
         }
     }
-}
+
+    @Test
+    public void testOriginStartsWithHttp() throws URISyntaxException, IOException, DeploymentException {
+        Server server = startServer(TestEndpointOriginTest2.class);
+
+        try {
+            final ClientEndpointConfig cec = ClientEndpointConfig.Builder.create().build();
+
+            ClientManager client = createClient();
+            client.connectToServer(new Endpoint() {
+
+                @Override
+                public void onOpen(final Session session, EndpointConfig EndpointConfig) {
+                }
+            }, cec, getURI(TestEndpointOriginTest2.class));
+
+        } catch (DeploymentException e) {
+            e.printStackTrace();
+            throw e;
+        } finally {
+            stopServer(server);
+        }
+    }
+}