Bug/136 #138

jrconlin · 2020-04-10T18:17:11Z

Description

bug: double amount of allowed headers

Increasing number of security headers pushed the total over the very limited 16

Testing

Attempt to send more than 16 headers for an autopush websocket request.

e.g.

echo '{"messageType":"hello","use_webpush":true}' | /usr/bin/websocat -v \
    --header="Accept: */*" \
    --header="Cache-Control: no-cache" \
    --header="Host: push.services.mozilla.com" \
    --header="Origin: wss://push.services.mozilla.com/" \
    --header="Pragma: no-cache" \
    --header="Sec-Fetch-Dest: websocket" \
    --header="Sec-Fetch-Mode: websocket" \
    --header="Sec-Fetch-Site: cross-site" \
    --header="Sec-WebSocket-Extensions: permessage-deflate" \
    --header="Sec-WebSocket-Protocol: push-notification" \
    --header="Accept-Language: en-US,en;q=0.5" \
    --header="Accept-Encoding: gzip, deflate, br" \
    --header="Jabberwocky: T'was" \
    ws://localhost:8080

Closes #136

Increasing number of security headers pushed the total over the very limited 16 Closes #136

jrconlin added 2 commits April 6, 2020 11:43

bug: double amount of allowed headers

6703381

Increasing number of security headers pushed the total over the very limited 16 Closes #136

f fix circleci

86ea780

jrconlin requested a review from a team April 10, 2020 18:17

f bumpalo update

6e0b149

pjenvey approved these changes Apr 10, 2020

View reviewed changes

jrconlin merged commit 0e272b2 into master Apr 10, 2020

jrconlin deleted the bug/136 branch April 10, 2020 19:22

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bug/136 #138

Bug/136 #138

jrconlin commented Apr 10, 2020 •

edited

Loading

Bug/136 #138

Bug/136 #138

Conversation

jrconlin commented Apr 10, 2020 • edited Loading

Description

Testing

jrconlin commented Apr 10, 2020 •

edited

Loading