@@ -3853,9 +3853,10 @@ WebSocketChannel::OnStartRequest(nsIRequest *aRequest,
38533853 return NS_ERROR_ILLEGAL_VALUE ;
38543854 }
38553855
3856- // If we sent a sub protocol header, verify the response matches
3857- // If it does not, set mProtocol to "" so the protocol attribute
3858- // of the WebSocket JS object reflects that
3856+ // If we sent a sub protocol header, verify the response matches.
3857+ // If response contains protocol that was not in request, fail.
3858+ // If response contained no protocol header, set to "" so the protocol
3859+ // attribute of the WebSocket JS object reflects that
38593860 if (!mProtocol .IsEmpty ()) {
38603861 nsAutoCString respProtocol;
38613862 rv = mHttpChannel ->GetResponseHeader (
@@ -3865,7 +3866,7 @@ WebSocketChannel::OnStartRequest(nsIRequest *aRequest,
38653866 rv = NS_ERROR_ILLEGAL_VALUE ;
38663867 val = mProtocol .BeginWriting ();
38673868 while ((token = nsCRT::strtok (val, " , \t " , &val))) {
3868- if (PL_strcasecmp (token, respProtocol.get ()) == 0 ) {
3869+ if (PL_strcmp (token, respProtocol.get ()) == 0 ) {
38693870 rv = NS_OK ;
38703871 break ;
38713872 }
@@ -3877,9 +3878,11 @@ WebSocketChannel::OnStartRequest(nsIRequest *aRequest,
38773878 mProtocol = respProtocol;
38783879 } else {
38793880 LOG ((" WebsocketChannel::OnStartRequest: "
3880- " subprotocol [%s] not found - %s returned " ,
3881- mProtocol . get (), respProtocol.get ()));
3881+ " Server replied with non-matching subprotocol [%s]: aborting " ,
3882+ respProtocol.get ()));
38823883 mProtocol .Truncate ();
3884+ AbortSession (NS_ERROR_ILLEGAL_VALUE );
3885+ return NS_ERROR_ILLEGAL_VALUE ;
38833886 }
38843887 } else {
38853888 LOG ((" WebsocketChannel::OnStartRequest "
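Review bot: The comment added at new line 3857 says a response protocol that was not in the request fails the handshake, but the abort added in the third hunk sits inside `if (!mProtocol.IsEmpty())`, so a server that sends a subprotocol header when none was requested does not appear to be rejected by the visible code. RFC 6455 section 4.1 treats that case as a handshake failure as well. The end of this `if` is outside the hunks, so if no such check exists further down, either add an `else` branch that reads the response header and calls `AbortSession(NS_ERROR_ILLEGAL_VALUE)` when one is present, or narrow the comment to `// If we requested subprotocols and the response names one we did not offer, fail.` The switch to `PL_strcmp` in the second hunk makes the match case-sensitive, which deserves a one-line comment so it is not later reverted as a compatibility fix.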