[erlang-bugs] erlang:decode_packet - wrong parsing of Sec-WebSock-Accept header

Sverker Eriksson sverker.eriksson@REDACTED
Tue Jan 29 15:06:54 CET 2013


arif@REDACTED wrote:
> Hi,
>
> In R15B (erts-5.9) erlang:decode_packet/3 seems to be making an error
> parsing the Sec-WebSock-Accept header
>
> 43> erlang:decode_packet(httph, <<"Sec-WebSocket-Accept:
> whatever\r\n\r\n">>, []).
> {ok,{http_header,0,"Sec-Websocket-Accept",undefined,
>                  "whatever"},
>     <<"\r\n">>}
> 44>
>
> One, it doesn't parse it as an atom, but as a string (but that much can be
> guessed from the documentation).
>
>   
"Recognized request methods and header fields are returned as atoms. 
Others are returned as strings."

As we don't want to create atoms dynamically from arbitrary input, we 
only recognize a constant number of the most common method and field names.
Sec-Websocket-Accept is not one of them, hence returned as a string.


> Two, the character S in WebSocket is parsed as lowercase instead of the
> uppercase it is in the parsed string.
>
>   
Header names are case insensitive according to HTTP. To ease matching we 
always return unrecognized strings on a format with capital letters only 
first and after hyphen, like "Sec-Websocket-Accept".


/Sverker, Erlang/OTP Ericsson





More information about the erlang-bugs mailing list