From 61354e063687ddc43b3424b1c140ea655bbc014e Mon Sep 17 00:00:00 2001
From: Louis-Philippe Huberdeau
Date: Mon, 4 Dec 2017 10:23:13 -0500
Subject: [PATCH] Limit protocol upgrades to supported protocols
---
aiohttp/http_parser.py | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/aiohttp/http_parser.py b/aiohttp/http_parser.py
index d31a62042e7..49058456934 100644
--- a/aiohttp/http_parser.py
+++ b/aiohttp/http_parser.py
@@ -327,6 +327,12 @@ def parse_headers(self, lines):
elif v == 'upgrade':
upgrade = True
+ # restrict connection upgrade to supported protocols
+ upgrade_to = headers.get(hdrs.UPGRADE)
+ if upgrade_to:
+ v = conn.lower()
+ upgrade = upgrade and v in {'websocket'}
+
# encoding
enc = headers.get(hdrs.CONTENT_ENCODING)
if enc:
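Review bot: The added check lowercases `conn` rather than `upgrade_to`, so `v in {'websocket'}` is tested against what appears to be the Connection header value (assigned earlier in parse_headers, outside the hunk) and not the requested protocol. As written, a request with `Connection: upgrade` and any Upgrade value would have `upgrade` forced to False, including a legitimate websocket handshake, and if `conn` is None while an Upgrade header is present the `.lower()` call would raise while parsing untrusted input. The line should read `v = upgrade_to.lower()`. Because the test sits under `if upgrade_to:`, a request with `Connection: upgrade` and no Upgrade header still leaves `upgrade = True`; dropping the guard and using `upgrade = upgrade and (upgrade_to or '').lower() in {'websocket'}` would close that gap. A parser test covering websocket, an unsupported protocol and a missing Upgrade header would pin the behaviour.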