fix: ensure valid Sec-WebSocket-Protocol

[kmohrf]

Hi,

The WebSocket RFC requires in section 4.1 item 10 for the Sec-WebSocket-Protocol header that

If present, this value indicates one or more comma-separated subprotocol the client wishes to speak [...]

Strict implementations like the popular Node.js library ws follow that definition to the letter and abort the handshake, if the Sec-WebSocket-Protocol header is set but empty. Ideally, soup should reject an empty list of protocols or handle it gracefully but unfortunately does neither.

Thank you for your time!

Konrad

[kmohrf]

I’ve also created an issue for libsoup.

[kmohrf]

I’m currenty waiting for the related merge request to be merged, that will change how libsoup handles an empty protocol list.

This PR might be redundant afterwards.

[sonnyp]

@kmohrf looks like https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/332 was closed

This can be closed, right?

[kmohrf]

I haven’t tested the current implementation in libsoup yet, because they haven’t released any new versions since the merge. Depending on how they handle the empty protocols array, your WebSocket implementation might not be compatible, with the one documented in the standard. If you want to check that yourself feel free to close this PR. Otherwise, I’ll write me a note to check back on this PR in january with the hope that they’ve released a new version that made in into Archlinux by that time.