From 6b6dc1cd3ac2690490628e0fee276e143e431b39 Mon Sep 17 00:00:00 2001
From: Kuwazy <70151472+Marzin-bot@users.noreply.github.com>
Date: Tue, 25 Mar 2025 15:00:50 +0100
Subject: [PATCH] Added check for HTTP version and GET method when upgrading
 WebSocket to comply with RFC 6455. (#23332)

---
 lib/std/http/WebSocket.zig | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/std/http/WebSocket.zig b/lib/std/http/WebSocket.zig
index 08bc420b67..8ab434ceae 100644
--- a/lib/std/http/WebSocket.zig
+++ b/lib/std/http/WebSocket.zig
@@ -23,6 +23,11 @@ pub fn init(
     send_buffer: []u8,
     recv_buffer: []align(4) u8,
 ) InitError!bool {
+    switch (request.head.version) {
+        .@"HTTP/1.0" => return false,
+        .@"HTTP/1.1" => if (request.head.method != .GET) return false,
+    }
+
     var sec_websocket_key: ?[]const u8 = null;
     var upgrade_websocket: bool = false;
     var it = request.iterateHeaders();