Details
-
Bug
-
Resolution: Done
-
P3: Somewhat important
-
5.4.0
-
None
-
Windows 8.1, Mac 10.9
-
0a42c6aff61142f97b6288b4504357a26ef43855
Description
I have browser plugin that connects to my web socket (non ssl) written in Qt. I want to do some authentication based on origin of request. Correct way for this to handle originAuthenticationRequired signal. But QWebSocketCorsAuthenticator in the slot always returns empty origin.
My request is ( from chrome net internals )
--> GET / HTTP/1.1
Host: localhost:8080
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
Origin: chrome-extension://cedihnhifeohmckhgmabjajiblengcak
Sec-WebSocket-Version: 13
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Sec-WebSocket-Key: ZyVXN1Xj1rjc1tgeddG8nQ==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Which has a non empty origin.
After some frustration, looked into Qt sources and found the problem in qwebsockethandshakerequest.cpp (line 263).
m_origin = m_headers.value(QStringLiteral("sec-websocket-origin"), QString());
It is not looking for "Origin" header at all.
Can we expect a fix in 5.4.1