Make Upgrade header check for websockets case insensitive, closes #228

pull/232/head
Philipp Heckel 2022-04-29 13:23:04 -04:00
parent 28bb8d4446
commit edfed24c27
3 changed files with 39 additions and 24 deletions

View File

@ -519,24 +519,27 @@ or the root domain:
``` ```
<VirtualHost *:80> <VirtualHost *:80>
ServerName ntfy.sh ServerName ntfy.sh
SetEnv proxy-nokeepalive 1 # Proxy connections to ntfy (requires "a2enmod proxy")
SetEnv proxy-sendchunked 1
ProxyPass / http://127.0.0.1:2586/ ProxyPass / http://127.0.0.1:2586/
ProxyPassReverse / http://127.0.0.1:2586/ ProxyPassReverse / http://127.0.0.1:2586/
SetEnv proxy-nokeepalive 1
SetEnv proxy-sendchunked 1
# Higher than the max message size of 4096 bytes # Higher than the max message size of 4096 bytes
LimitRequestBody 102400 LimitRequestBody 102400
# WebSockets support # Enable mod_rewrite (requires "a2enmod rewrite")
RewriteEngine on
# WebSockets support (requires "a2enmod rewrite proxy_wstunnel")
RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC] RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://127.0.0.1:2586/$1" [P,L] RewriteRule ^/?(.*) "ws://127.0.0.1:2586/$1" [P,L]
# Redirect HTTP to HTTPS, but only for GET topic addresses, since we want # Redirect HTTP to HTTPS, but only for GET topic addresses, since we want
# it to work with curl without the annoying https:// prefix # it to work with curl without the annoying https:// prefix
RewriteEngine on
RewriteCond %{REQUEST_METHOD} GET RewriteCond %{REQUEST_METHOD} GET
RewriteRule ^/([-_A-Za-z0-9]{0,64})$ https://%{SERVER_NAME}/$1 [R,L] RewriteRule ^/([-_A-Za-z0-9]{0,64})$ https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost> </VirtualHost>
@ -548,26 +551,24 @@ or the root domain:
SSLCertificateFile /etc/letsencrypt/live/ntfy.sh/fullchain.pem SSLCertificateFile /etc/letsencrypt/live/ntfy.sh/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ntfy.sh/privkey.pem SSLCertificateKeyFile /etc/letsencrypt/live/ntfy.sh/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf Include /etc/letsencrypt/options-ssl-apache.conf
SetEnv proxy-nokeepalive 1 # Proxy connections to ntfy (requires "a2enmod proxy")
SetEnv proxy-sendchunked 1
ProxyPass / http://127.0.0.1:2586/ ProxyPass / http://127.0.0.1:2586/
ProxyPassReverse / http://127.0.0.1:2586/ ProxyPassReverse / http://127.0.0.1:2586/
SetEnv proxy-nokeepalive 1
SetEnv proxy-sendchunked 1
# Higher than the max message size of 4096 bytes # Higher than the max message size of 4096 bytes
LimitRequestBody 102400 LimitRequestBody 102400
# WebSockets support # Enable mod_rewrite (requires "a2enmod rewrite")
RewriteEngine on
# WebSockets support (requires "a2enmod rewrite proxy_wstunnel")
RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC] RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://127.0.0.1:2586/$1" [P,L] RewriteRule ^/?(.*) "ws://127.0.0.1:2586/$1" [P,L]
# Redirect HTTP to HTTPS, but only for GET topic addresses, since we want
# it to work with curl without the annoying https:// prefix
RewriteEngine on
RewriteCond %{REQUEST_METHOD} GET
RewriteRule ^/([-_A-Za-z0-9]{0,64})$ https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost> </VirtualHost>
``` ```

View File

@ -6,9 +6,19 @@ and the [ntfy Android app](https://github.com/binwiederhier/ntfy-android/release
## ntfy Android app v1.13.0 (UNRELEASED) ## ntfy Android app v1.13.0 (UNRELEASED)
Bugs: **Features:**
* Accurate naming of "mute notifications" from "pause notifications" ([#224](https://github.com/binwiederhier/ntfy/issues/224),
thanks to [@shadow00](https://github.com/shadow00) for reporting) * Cards in notification detail view ([#175](https://github.com/binwiederhier/ntfy/issues/224), thanks to [@cmeis](https://github.com/cmeis) for reporting)
**Bugs:**
* Accurate naming of "mute notifications" from "pause notifications" ([#224](https://github.com/binwiederhier/ntfy/issues/224), thanks to [@shadow00](https://github.com/shadow00) for reporting)
* Make messages with links selectable ([#226](https://github.com/binwiederhier/ntfy/issues/226), thanks to [@StoyanDimitrov](https://github.com/StoyanDimitrov) for reporting)
**Thanks for testing:**
Thanks to [@cmeis](https://github.com/cmeis), [@StoyanDimitrov](https://github.com/StoyanDimitrov), [@Fallenbagel](https://github.com/Fallenbagel) for testing, and
to [@Joeharrison94](https://github.com/Joeharrison94) for the input.
## ntfy server v1.22.0 (UNRELEASED) ## ntfy server v1.22.0 (UNRELEASED)
@ -16,6 +26,10 @@ Bugs:
* Better parsing of the user actions, allowing quotes (no ticket) * Better parsing of the user actions, allowing quotes (no ticket)
**Bugs:**
* `Upgrade` header check is now case in-sensitive ([#228](https://github.com/binwiederhier/ntfy/issues/228), thanks to [@wunter8](https://github.com/wunter8) for finding it)
--> -->
## ntfy Android app v1.12.0 ## ntfy Android app v1.12.0

View File

@ -739,7 +739,7 @@ func (s *Server) handleSubscribeHTTP(w http.ResponseWriter, r *http.Request, v *
} }
func (s *Server) handleSubscribeWS(w http.ResponseWriter, r *http.Request, v *visitor) error { func (s *Server) handleSubscribeWS(w http.ResponseWriter, r *http.Request, v *visitor) error {
if r.Header.Get("Upgrade") != "websocket" { if strings.ToLower(r.Header.Get("Upgrade")) != "websocket" {
return errHTTPBadRequestWebSocketsUpgradeHeaderMissing return errHTTPBadRequestWebSocketsUpgradeHeaderMissing
} }
if err := v.SubscriptionAllowed(); err != nil { if err := v.SubscriptionAllowed(); err != nil {