From 4c5b3a6ee592b89f5fa98f709ba543501b70f5d5 Mon Sep 17 00:00:00 2001
From: Jonathan Coates
Date: Mon, 31 Oct 2022 17:46:02 +0000
Subject: [PATCH] Clear Origin header on websockets

Technically this removes Sec-Websocket-Origin, as that's what the current version of Netty uses. We'll need to change this on 1.18+. Closes ##1197.
---
 .../NoOriginWebSocketHanshakder.java | 39 +++++++++++++++++++
 .../core/apis/http/websocket/Websocket.java | 3 +-
 2 files changed, 40 insertions(+), 2 deletions(-)
 create mode 100644 src/main/java/dan200/computercraft/core/apis/http/websocket/NoOriginWebSocketHanshakder.java

diff --git a/src/main/java/dan200/computercraft/core/apis/http/websocket/NoOriginWebSocketHanshakder.java b/src/main/java/dan200/computercraft/core/apis/http/websocket/NoOriginWebSocketHanshakder.java
new file mode 100644
index 000000000..b08944112
--- /dev/null
+++ b/src/main/java/dan200/computercraft/core/apis/http/websocket/NoOriginWebSocketHanshakder.java
@@ -0,0 +1,39 @@
+/*
+ * This file is part of ComputerCraft - http://www.computercraft.info
+ * Copyright Daniel Ratcliffe, 2011-2022. Do not distribute without permission.
+ * Send enquiries to dratcliffe@gmail.com
+ */
+package dan200.computercraft.core.apis.http.websocket;
+
+import io.netty.handler.codec.http.FullHttpRequest;
+import io.netty.handler.codec.http.HttpHeaderNames;
+import io.netty.handler.codec.http.HttpHeaders;
+import io.netty.handler.codec.http.websocketx.WebSocketClientHandshaker13;
+import io.netty.handler.codec.http.websocketx.WebSocketVersion;
+
+import java.net.URI;
+
+/**
+ * A version of {@link WebSocketClientHandshaker13} which doesn't add the {@link HttpHeaderNames#SEC_WEBSOCKET_ORIGIN}
+ * header to the original HTTP request.
+ */
+public class NoOriginWebSocketHanshakder extends WebSocketClientHandshaker13
+{
+ public NoOriginWebSocketHanshakder( URI webSocketURL, WebSocketVersion version, String subprotocol, boolean allowExtensions, HttpHeaders customHeaders, int maxFramePayloadLength )
+ {
+ super( webSocketURL, version, subprotocol, allowExtensions, customHeaders, maxFramePayloadLength );
+ }
+
+ @Override
+ protected FullHttpRequest newHandshakeRequest()
+ {
+ FullHttpRequest request = super.newHandshakeRequest();
+ HttpHeaders headers = request.headers();
+
+ if( !customHeaders.contains( HttpHeaderNames.SEC_WEBSOCKET_ORIGIN ) )
+ {
+ headers.remove( HttpHeaderNames.SEC_WEBSOCKET_ORIGIN );
+ }
+ return request;
+ }
+}
diff --git a/src/main/java/dan200/computercraft/core/apis/http/websocket/Websocket.java b/src/main/java/dan200/computercraft/core/apis/http/websocket/Websocket.java
index 55dd35f3f..fc352b397 100644
--- a/src/main/java/dan200/computercraft/core/apis/http/websocket/Websocket.java
+++ b/src/main/java/dan200/computercraft/core/apis/http/websocket/Websocket.java
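Review bot: `newHandshakeRequest()` strips only `HttpHeaderNames.SEC_WEBSOCKET_ORIGIN`, so once Netty sends the origin under the standard `Origin` name (the commit message already expects this on 1.18+), the override silently becomes a no-op and the auto-generated origin is sent again. Handling both names now avoids that regression: add `if( !customHeaders.contains( HttpHeaderNames.ORIGIN ) ) headers.remove( HttpHeaderNames.ORIGIN );` next to the existing check. `customHeaders` is also dereferenced without a null check; the one visible call site passes a non-null value, but the class is public, so either guard it or state the requirement in a constructor Javadoc. The class name is misspelled (`Hanshakder`); `NoOriginWebSocketHandshaker` would be easier to search for.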
@@ -26,7 +26,6 @@ import io.netty.handler.codec.http.HttpHeaderNames; import io.netty.handler.codec.http.HttpHeaders; import io.netty.handler.codec.http.HttpObjectAggregator; import io.netty.handler.codec.http.websocketx.WebSocketClientHandshaker; -import io.netty.handler.codec.http.websocketx.WebSocketClientHandshakerFactory; import io.netty.handler.codec.http.websocketx.WebSocketVersion; import io.netty.handler.ssl.SslContext; @@ -152,7 +151,7 @@ public class Websocket extends Resource } String subprotocol = headers.get( HttpHeaderNames.SEC_WEBSOCKET_PROTOCOL ); - WebSocketClientHandshaker handshaker = WebSocketClientHandshakerFactory.newHandshaker( + WebSocketClientHandshaker handshaker = new NoOriginWebSocketHanshakder( uri, WebSocketVersion.V13, subprotocol, true, headers, options.websocketMessage <= 0 ? MAX_MESSAGE_SIZE : options.websocketMessage );
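Review bot: The construction site in the second hunk gives no hint why the stock factory is bypassed, and the replacement class name does not make it obvious either. A one-line comment above the `new` would help, e.g. `// Custom handshaker: drops Netty's auto-generated origin header unless the caller set one.` Servers that allow-listed this client by the previously auto-generated origin value will presumably start rejecting it, so the behaviour change deserves a changelog entry. The enclosing method starts and ends outside this hunk, so the rest of the connection setup is not visible here.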