[AWS] Bug found in the AWS WebSocket implementation

[Jacob Sparre Andersen]

Pascal Obry wrote:
>> Is there a way to solve this? Have I found a bug? AFAIK this is not 
>> how websockets are supposed to behave. Trying to connect to other 
>> implementations I usually get a plain 404 dumped on me if I try to 
>> connect to unknown addresses. 
> Looks like a bug indeed. It can probably be solved at the time we 
> connect and check for the proper WebSocket constructor. Would be nice 
> to setup a small standalone reproducer, it will help a lot!
Thomas talked me into taking a look at the problem.

In short the problem is that there are no conditions on upgrading a HTTP 
connection to a WebSocket connection.

AWS.Server.HTTP_Utils.Answer_To_Client.Build_Answer has no conditions on 
answering a WebSocket upgrade request with a AWS.Response.WebSocket.

And AWS.Response.WebSocket just builds the response without any 
conditions at all.

If we want clients to be able to listen to any resource name, no matter 
if we have a server-side listener for that resource name, then the 
current design is proper, but it would make sense to have a 
configuration option for limiting which resource names can be upgraded 
to websockets.

A simple test case (on a Unix system):

1) Build and start the "websock" demo coming with AWS.

2) Execute the following commands in a shell (Bash/Zsh):

(cat << DONE
GET /not-echo HTTP/1.1
Host: localhost:8080
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: As84ijXYao/odPmAVgM9uw==
Sec-WebSocket-Version: 13

DONE
;sleep 30) | telnet localhost 8080

The output is:

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: WebSocket
Sec-WebSocket-Accept: AvEiV6D0Z+GCJWNH28KIn8zLB4M=

The expected output was:

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HTTP/1.1 404 ...

Greetings,

Jacob
-- 
Atheism is a non-prophet organisation.