mirror of
https://github.com/oven-sh/bun
synced 2026-02-10 02:48:50 +00:00
## Summary

Adds support for overriding special WebSocket headers (`Host`, `Sec-WebSocket-Key`, and `Sec-WebSocket-Protocol`) via the headers option when creating a WebSocket connection.

## Changes

- Modified `WebSocketUpgradeClient.zig` to check for and use user-provided special headers
- Added header value validation to prevent CRLF injection attacks
- Updated the NonUTF8Headers struct to automatically filter duplicate headers
- When a custom `Sec-WebSocket-Protocol` header is provided, it properly updates the subprotocols list for validation

## Implementation Details

The implementation adds minimal code by:

1. Using the existing `NonUTF8Headers` struct's methods to find valid header overrides
2. Automatically filtering out WebSocket-specific headers in the format method to prevent duplication
3. Maintaining a single, clean code path in `buildRequestBody()`

## Testing

Added comprehensive tests in `websocket-custom-headers.test.ts` that verify:

- Custom Host header support
- Custom Sec-WebSocket-Key header support
- Custom Sec-WebSocket-Protocol header support
- Header override behavior when both protocols array and header are provided
- CRLF injection prevention
- Protection of system headers (Connection, Upgrade, etc.)
- Support for additional custom headers

All existing WebSocket tests continue to pass, ensuring backward compatibility.

## Security

The implementation includes validation to:

- Reject header values with control characters (preventing CRLF injection)
- Prevent users from overriding critical system headers like Connection and Upgrade
- Validate header values according to RFC 7230 specifications

## Use Cases

This feature enables:

- Testing WebSocket servers with specific header requirements
- Connecting through proxies that require custom Host headers
- Implementing custom WebSocket subprotocol negotiation
- Debugging WebSocket connections with specific keys

Fixes #[issue_number]

---------

Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
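
The checks listed under Security and Changes, sketched as an added JavaScript example; it is not code from this commit or from Bun's Zig source. All function and constant names are hypothetical, and two behaviours are assumptions of the sketch: invalid names or values throw, and attempts to set `Connection` or `Upgrade` are dropped silently.

```javascript
// Added example, not Bun's Zig code. Every name below is hypothetical.
const SPECIAL = new Map([               // the three headers the commit makes overridable
  ["host", "Host"],
  ["sec-websocket-key", "Sec-WebSocket-Key"],
  ["sec-websocket-protocol", "Sec-WebSocket-Protocol"],
]);
const PROTECTED = ["connection", "upgrade"];         // the two the commit names
const FIELD_NAME = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/; // RFC 7230 token
const FIELD_VALUE = /^[\t\x20-\x7e\x80-\xff]*$/;     // excludes CR, LF, NUL, other controls

function buildUpgradeRequest(url, defaultKey, userHeaders = {}, protocols = []) {
  const u = new URL(url);
  // Defaults the client would send when nothing is overridden.
  const chosen = new Map([["host", u.host], ["sec-websocket-key", defaultKey]]);
  if (protocols.length) chosen.set("sec-websocket-protocol", protocols.join(", "));
  const extra = [];
  for (const [name, raw] of Object.entries(userHeaders)) {
    const value = String(raw);
    const lower = name.toLowerCase();
    // Assumption: invalid input throws. A raw CR/LF would start a new header line.
    if (!FIELD_NAME.test(name) || !FIELD_VALUE.test(value)) {
      throw new TypeError("invalid header " + JSON.stringify(name));
    }
    if (PROTECTED.includes(lower)) continue;             // assumption: dropped silently
    if (SPECIAL.has(lower)) chosen.set(lower, value);    // replaces the default: one copy only
    else extra.push(name + ": " + value);
  }
  const lines = [
    "GET " + u.pathname + u.search + " HTTP/1.1",
    ...[...chosen].map(([k, v]) => SPECIAL.get(k) + ": " + v),
    "Connection: Upgrade",
    "Upgrade: websocket",
    "Sec-WebSocket-Version: 13",
    ...extra,
  ];
  // The subprotocols accepted in the server's reply follow the header actually sent.
  const sent = chosen.get("sec-websocket-protocol") || "";
  const offered = sent.split(",").map((s) => s.trim()).filter(Boolean);
  return { request: lines.join("\r\n") + "\r\n\r\n", offered };
}

// Constructed input: an override of Host and the subprotocol, plus a blocked header.
const demo = buildUpgradeRequest(
  "ws://example.test:8080/chat",
  "dGhlIHNhbXBsZSBub25jZQ==", // sample nonce from RFC 6455, not a real key
  { Host: "proxy.example.test", "Sec-WebSocket-Protocol": "v2.chat", Connection: "close" },
  ["v1.chat"],
);
console.log(demo.request, demo.offered);
```

Validating before the request string is assembled is what keeps a value containing `\r\n` from becoming an extra header line on the wire.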