http: return HTTP 431 on HPE_HEADER_OVERFLOW error
Instead of returning a generic 400 response when the max header size is reached, return a 431 Request Header Fields Too Large. This is a semver-major because it changes the HTTP status code for requests that trigger the header overflow error. PR-URL: #25605 Fixes: #25528 Refs: https://tools.ietf.org/html/rfc6585#section-5 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
1 parent
a861add
commit bcf2886
Showing
3 changed files
with
62 additions
and
3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
'use strict'; | ||
const assert = require('assert'); | ||
const { createServer, maxHeaderSize } = require('http'); | ||
const { createConnection } = require('net'); | ||
const { expectsError, mustCall } = require('../common'); | ||
|
||
const CRLF = '\r\n'; | ||
const DUMMY_HEADER_NAME = 'Cookie: '; | ||
const DUMMY_HEADER_VALUE = 'a'.repeat( | ||
// plus one is to make it 1 byte too big | ||
maxHeaderSize - DUMMY_HEADER_NAME.length - (2 * CRLF.length) + 1 | ||
); | ||
const PAYLOAD_GET = 'GET /blah HTTP/1.1'; | ||
const PAYLOAD = PAYLOAD_GET + CRLF + | ||
DUMMY_HEADER_NAME + DUMMY_HEADER_VALUE + CRLF.repeat(2); | ||
|
||
const server = createServer(); | ||
|
||
server.on('connection', mustCall((socket) => { | ||
socket.on('error', expectsError({ | ||
type: Error, | ||
message: 'Parse Error', | ||
code: 'HPE_HEADER_OVERFLOW', | ||
bytesParsed: maxHeaderSize + PAYLOAD_GET.length, | ||
rawPacket: Buffer.from(PAYLOAD) | ||
})); | ||
})); | ||
|
||
server.listen(0, mustCall(() => { | ||
const c = createConnection(server.address().port); | ||
let received = ''; | ||
|
||
c.on('connect', mustCall(() => { | ||
c.write(PAYLOAD); | ||
})); | ||
c.on('data', mustCall((data) => { | ||
received += data.toString(); | ||
})); | ||
c.on('end', mustCall(() => { | ||
assert.strictEqual( | ||
received, | ||
'HTTP/1.1 431 Request Header Fields Too Large\r\n\r\n' | ||
); | ||
c.end(); | ||
})); | ||
c.on('close', mustCall(() => server.close())); | ||
})); |
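Review bot: The expected `bytesParsed: maxHeaderSize + PAYLOAD_GET.length` in the socket 'error' assertion is a derived offset with no explanation, so a reader cannot tell whether it pins the limit itself or only mirrors how the parser currently counts bytes. A one-line comment above it would help, for example `// offset at which the parser reported HPE_HEADER_OVERFLOW for this payload`, ideally extended with how the request line counts toward `maxHeaderSize` once that is confirmed against the parser. Coverage is also narrow: the server comes from `createServer()` with no 'clientError' listener, and the payload is exactly one byte over the limit. Because the header-size cap acts as a resource-exhaustion guard, a companion case at exactly `maxHeaderSize` that is still accepted would catch an off-by-one in either direction; such a case may already exist in another test file not shown here.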