Closed CompaqDisc closed 2 years ago
Thank you for the detailed report, that's very useful! Maybe I need a separate issue label for websockets, the bugs are always so nasty >_>.
In this case, it looks to be an instance of https://github.com/netty/netty/issues/9673. I think the easiest thing to do here is subclass WebSocketClientHandshaker13
, override newHandshakeRequest
and then remove the Origin
header from the request if it's not present in the user-supplied custom headers.
Will have a look at that this evening. Should be easy, just unfortunate it needs to be done at all!
I'm happy that I was able to get things into the right hands!
Luckily this can be worked around in-game (at least in this particular situation) by defining the origin header content as an empty string like so:
local my_headers = {
["X-Foo"] = "bar",
["Origin"] = ""
}
Minecraft Version
1.19.x
Version
1.100.10
Details
Logs: latest.log debug.log
Root Cause
I've found out by fiddling with curl that this is caused by ComputerCraft/Netty adding an origin header to the request.
Action Performed: I tried connecting to the Discord Gateway API using
http.websocket(url, headers)
The Lua code for which was:
Expected Result: The connection would succeed and I would receive the expected WebSocket message, in the same manner as the tool
wscat
, invoked as per the following (and run from the same PC/IP address):Actual Result: My connection is disconnected with the error:
Invalid handshake response getStatus: 403 Forbidden
, which results from Cloudflare dropping the connection with a HTTP 403 / Cloudflare 1020.Additionally: The existing code works correctly if I instead try to connect to
wss://api.kashall.dev/socket
, which the author @Kashalls has told me is written in NodeJS and is also behind Cloudflare. So my primary concern is if behind the scenes something odd is done that would result in such behaviour.Requests (captured from Wireshark) Successful (with
wscat
, it actually returns 301, because for testing I did this over http):Unsuccessful (ComputerCraft):