Origin header for WebSocket Upgrade request always starts with "http"

[hyrth]

I am getting a 403 Forbidden response during WebSocket Upgrade request when connecting to a server via HTTPS (instead of 101).
The reason is a wrong "Origin" header. The header is set in method

org.glassfish.tyrus.core.Handshake.updateHostAndOrigin(final UpgradeRequest upgradeRequest).

The Origin header is always set to scheme "http" no matter which scheme was used originally:

requestHeaders.put(UpgradeRequest.ORIGIN_HEADER, Collections.singletonList("http://" + host));

[cstack89]

I'm also having this issue, is there any way to resolve it?

[hyrth]

You can set the WebSocketHttpHeaders when calling SockJsClient.doHandshake(WebSocketHandler handler, @Nullable WebSocketHttpHeaders headers, URI url);

Something like this:

var httpHeaders = new WebSocketHttpHeaders();
httpHeaders.add("Origin", "https://your.server.url"); // Origin header of your server
httpHeaders.add(...); // additional headers like auth, token, ... whatever

// during handshake use your custom headers
sockJsClient.doHandshake(yourHandler, httpHeaders, "wss://your.server.url/websocket-resource");
...

I think that was our workaround.

[cstack89]

Thanks, I'm using a Spring WebSocketSompClient, but was able to pass in headers as well to the connect method.

stompClient.connect(finalUrl, header1, this);

[githopper]

FYI this bug was fixed by #783 and is included in release 1.19