Change Origin header on proxied WebSocket requests

[treuherz]

Similar to CORS controls, WebSocket servers are often configured to check the Origin header of incoming requests. The config for the HTTP proxy overwrites requests' Origin header to prevent issues with CORS, but didn't previously do the same thing for WebSockets, as they are controlled by a different config key.

This Origin-limiting behaviour is recommended in RFC 6455 and is implemented in the Python websockets package, the Java websockets API and the Gorillas websocket package. I think it is common enough that c-r-a should support it out-of-the-box.

See https://github.com/treuherz/wstest for repro and test.

Fixes #10878

[facebook-github-bot]

Hi @treuherz!

Thank you for your pull request and welcome to our community.

Action Required

In order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you.

Process

In order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.

Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with CLA signed. The tagging process may take up to 1 hour after signing. Please give it that time before contacting us about it.

If you have received this in error or have any questions, please contact us at cla@fb.com. Thanks!

[facebook-github-bot]

Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks!

[treuherz]

Looks like the previous fix wasn't sufficient to work in Chrome. I've added another change to fix it and have tested in Safari, Firefox and Chrome. I think this also now fixes #5280.

[treuherz]

Rebased on top of current main