Require http/https protocol for WebSocket upgrades

Author: mrbbot

packages/core/src/standards/http.ts

@@ -477,12 +477,7 @@ export function createCompatFetch(
         ? input.url
         : input.toString()
     );
-    if (
-      url.protocol !== "http:" &&
-      url.protocol !== "https:" &&
-      url.protocol !== "ws:" &&
-      url.protocol !== "wss:"
-    ) {
+    if (url.protocol !== "http:" && url.protocol !== "https:") {
       if (refusesUnknown) {
         throw new TypeError(`Fetch API cannot load: ${url.toString()}`);
       } else {

packages/core/test/standards/http.spec.ts

@@ -610,15 +610,13 @@ test("createCompatFetch: refuses unknown protocols if compatibility flag enabled
     message: `Fetch API cannot load: ${upstream.toString()}`,
   });
 });
-test("createCompatFetch: recognises http, https, ws, and wss as known protocols", async (t) => {
+test("createCompatFetch: recognises http and https as known protocols", async (t) => {
   const fetch = createCompatFetch(
     new Compatibility(undefined, ["fetch_refuses_unknown_protocols"]),
     async () => new Response("upstream")
   );
   t.is(await (await fetch("http://localhost/")).text(), "upstream");
   t.is(await (await fetch("https://localhost/")).text(), "upstream");
-  t.is(await (await fetch("ws://localhost/")).text(), "upstream");
-  t.is(await (await fetch("wss://localhost/")).text(), "upstream");
 });
 test("createCompatFetch: rewrites urls of all types of fetch inputs", async (t) => {
   const { http: upstream } = await useServer(t, (req, res) => {

packages/web-sockets/src/fetch.ts

@@ -1,3 +1,4 @@
+import { URL } from "url";
 import {
   Request,
   RequestInfo,
@@ -28,7 +29,14 @@ export async function upgradingFetch(
     for (const [key, value] of request.headers.entries()) {
       headers[key] = value;
     }
-    const ws = new StandardWebSocket(request.url, {
+    const url = new URL(request.url);
+    if (url.protocol !== "http:" && url.protocol !== "https:") {
+      throw new TypeError(
+        `Fetch API cannot load: ${url.toString()}.\nMake sure you're using http(s):// URLs for WebSocket requests via fetch.`
+      );
+    }
+    url.protocol = url.protocol.replace("http", "ws");
+    const ws = new StandardWebSocket(url, {
       followRedirects: request.redirect === "follow",
       headers,
     });

packages/web-sockets/test/fetch.spec.ts

@@ -38,7 +38,7 @@ test("upgradingFetch: performs web socket upgrade", async (t) => {
     ws.send(req.headers["user-agent"]);
     ws.addEventListener("message", ({ data }) => ws.send(data));
   });
-  const res = await upgradingFetch(server.ws, {
+  const res = await upgradingFetch(server.http, {
     headers: { upgrade: "websocket", "user-agent": "Test" },
   });
   const webSocket = res.webSocket;
@@ -57,6 +57,28 @@ test("upgradingFetch: performs web socket upgrade", async (t) => {
   await eventPromise;
   t.deepEqual(messages, ["hello client", "Test", "hello server"]);
 });
+test("upgradingFetch: throws on ws(s) protocols", async (t) => {
+  await t.throwsAsync(
+    upgradingFetch("ws://localhost/", {
+      headers: { upgrade: "websocket" },
+    }),
+    {
+      instanceOf: TypeError,
+      message:
+        "Fetch API cannot load: ws://localhost/.\nMake sure you're using http(s):// URLs for WebSocket requests via fetch.",
+    }
+  );
+  await t.throwsAsync(
+    upgradingFetch("wss://localhost/", {
+      headers: { upgrade: "websocket" },
+    }),
+    {
+      instanceOf: TypeError,
+      message:
+        "Fetch API cannot load: wss://localhost/.\nMake sure you're using http(s):// URLs for WebSocket requests via fetch.",
+    }
+  );
+});
 test("upgradingFetch: requires GET for web socket upgrade", async (t) => {
   const server = await useServer(
     t,