When establishing a WebSocket, handle empty Host header
#102
Comments
|
Incidentally this can cause any HTTP/1.0 call without a host on its header to hang indefinitely. Making socko very vulnerable to DDoS. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I found this because our production environment is logging a lot of these exceptions. It appears that some clients are sending malformed requests to initiate a WebSocket session. Socko seems to report this as 500 and logs an exception, however it should report 400.
Specifically, the problem is on this line: https://github.com/mashupbots/socko/blob/master/socko-webserver/src/main/scala/org/mashupbots/socko/events/HttpRequestMessage.scala#L129
From glancing through Netty source code, it looks like
getHostwill returnnullwhen theHostheader is absent. I was going to send a pull request for this issue but I'm not familiar enough with Socko to know the proper place to check for & report the error.The text was updated successfully, but these errors were encountered: