Don't advertise support for non-working connection upgrade.

ioquatix · ioquatix · commit e136f27442b7 · 2024-07-02T10:25:15.000+09:00
diff --git a/lib/pitchfork/http_parser.rb b/lib/pitchfork/http_parser.rb
@@ -93,9 +93,34 @@ def read(socket)
       e['pitchfork.socket'] = socket
       e['rack.hijack'] = self
 
+      # We don't support connection upgrade:
+      remove_connection_upgrade(e)
+
       e.merge!(DEFAULTS)
     end
 
+    def remove_connection_upgrade(env)
+      connection_header = env['HTTP_CONNECTION']
+      return unless connection_header
+    
+      # Split the header value by comma to handle cases where there are multiple connection options:
+      connection_values = connection_header.split(',').map(&:strip)
+    
+      # Remove the "upgrade" value
+      connection_values.reject! { |value| value.downcase == 'upgrade' }
+    
+      if connection_values.empty?
+        # If no other values are left, delete the header
+        env.delete('HTTP_CONNECTION')
+      else
+        # Otherwise, update the header with the remaining values
+        env['HTTP_CONNECTION'] = connection_values.join(', ')
+      end
+
+      # Delete the HTTP_UPGRADE header if it exists
+      env.delete('HTTP_UPGRADE')
+    end
+
     # for rack.hijack, we respond to this method so no extra allocation
     # of a proc object
     def call
diff --git a/test/integration/test_http_basic.rb b/test/integration/test_http_basic.rb
@@ -136,4 +136,28 @@ def test_write_on_close
 
     assert_clean_shutdown(pid)
   end
+
+  def test_http_upgrade
+    addr, port = unused_port
+
+    pid = spawn_server(app: File.join(ROOT, "test/integration/upgrade.ru"), config: <<~CONFIG)
+      listen "#{addr}:#{port}"
+      worker_processes 1
+    CONFIG
+
+    assert_healthy("http://#{addr}:#{port}")
+
+    Net::HTTP.start(addr, port) do |http|
+      request = Net::HTTP::Get.new("/")
+      request["Connection"] = "Upgrade"
+      request["Upgrade"] = "websocket"
+
+      # It should not be connection upgrade:
+      response = http.request(request)
+      assert_equal "200", response.code
+      assert_equal "Normal response", response.body
+    end
+
+    assert_clean_shutdown(pid)
+  end
 end
diff --git a/test/integration/upgrade.ru b/test/integration/upgrade.ru
@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+run lambda { |env|
+  if env['HTTP_UPGRADE']
+    [404, {}, ["Upgrade not supported"]]
+  else
+    [200, {}, ["Normal response"]]
+  end
+}
