Polishing contribution

Closes gh-34362

spring-websocket/src/main/java/org/springframework/web/socket/WebSocketHttpHeaders.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

spring-websocket/src/main/java/org/springframework/web/socket/server/support/AbstractHandshakeHandler.java

@@ -228,10 +228,19 @@ public abstract class AbstractHandshakeHandler implements HandshakeHandler, Life
 					handleInvalidUpgradeHeader(request, response);
 					return false;
 				}
-				if (!headers.getConnection().contains("Upgrade") && !headers.getConnection().contains("upgrade")) {
+				List<String> connectionValue = headers.getConnection();
+				if (!connectionValue.contains("Upgrade") && !connectionValue.contains("upgrade")) {
 					handleInvalidConnectHeader(request, response);
 					return false;
 				}
+				String key = headers.getSecWebSocketKey();
+				if (key == null) {
+					if (logger.isErrorEnabled()) {
+						logger.error("Missing \"Sec-WebSocket-Key\" header");
+					}
+					response.setStatusCode(HttpStatus.BAD_REQUEST);
+					return false;
+				}
 			}
 			if (!isWebSocketVersionSupported(headers)) {
 				handleWebSocketVersionNotSupported(request, response);
@@ -241,16 +250,6 @@ public abstract class AbstractHandshakeHandler implements HandshakeHandler, Life
 				response.setStatusCode(HttpStatus.FORBIDDEN);
 				return false;
 			}
-			if (HttpMethod.GET == httpMethod) {
-				String wsKey = headers.getSecWebSocketKey();
-				if (wsKey == null) {
-					if (logger.isErrorEnabled()) {
-						logger.error("Missing \"Sec-WebSocket-Key\" header");
-					}
-					response.setStatusCode(HttpStatus.BAD_REQUEST);
-					return false;
-				}
-			}
 		}
 		catch (IOException ex) {
 			throw new HandshakeFailureException(