[erlang-bugs] erlang:decode_packet - wrong parsing of Sec-WebSock-Accept header

Sverker Eriksson <>
Tue Jan 29 15:06:54 CET 2013

> Hi,
> In R15B (erts-5.9) erlang:decode_packet/3 seems to be making an error
> parsing the Sec-WebSock-Accept header
> 43> erlang:decode_packet(httph, <<"Sec-WebSocket-Accept:
> whatever\r\n\r\n">>, []).
> {ok,{http_header,0,"Sec-Websocket-Accept",undefined,
>                  "whatever"},
>     <<"\r\n">>}
> 44>
> One, it doesn't parse it as an atom, but as a string (but that much can be
> guessed from the documentation).
"Recognized request methods and header fields are returned as atoms. 
Others are returned as strings."

As we don't want to create atoms dynamically from arbitrary input, we 
only recognize a constant number of the most common method and field names.
Sec-Websocket-Accept is not one of them, hence returned as a string.

> Two, the character S in WebSocket is parsed as lowercase instead of the
> uppercase it is in the parsed string.
Header names are case insensitive according to HTTP. To ease matching we 
always return unrecognized strings on a format with capital letters only 
first and after hyphen, like "Sec-Websocket-Accept".

/Sverker, Erlang/OTP Ericsson

More information about the erlang-bugs mailing list