http: improve errors thrown in header validation #16715
Conversation
joyeecheung
force-pushed
the
improve-http-err
branch
from
b09ead1 to
a4c2e6e
Compare
nodejs-github-bot
added
the
lib / src
joyeecheung
added
errors
|
Would be nice to have |
| ### ERR_HTTP2_INVALID_HEADER_VALUE | ||
| ### ERR_HTTP_INVALID_HEADER_VALUE | ||
| <a id="ERR_HTTP_INVALID_HEADER_VALUE"></a> | ||
| ### ERR_HTTP_INVALID_HEADER_VALUE |
| throw new errors.Error('ERR_HTTP2_PSEUDOHEADER_NOT_ALLOWED'); | ||
| if (value === undefined || value === null) | ||
| throw new errors.TypeError('ERR_HTTP2_INVALID_HEADER_VALUE'); | ||
| var err; |
There was a problem hiding this comment.
Nit: can we use let? (I don't think there's many/any vars in http2 except for for loops.)
There was a problem hiding this comment.
I am still under the impression that we favor var in cases like this...might be just outdated impressions, I'll fix that.
| @@ -26,17 +26,17 @@ server.listen(0, common.mustCall(() => { | |||
| common.expectsError( | |||
| () => response.setTrailer('test', undefined), | |||
| { | |||
| code: 'ERR_HTTP2_INVALID_HEADER_VALUE', | |||
There was a problem hiding this comment.
I'm not 100% sure about this because the semantics of the http2 validation are slightly different, for example pseudo headers are an http2 only feature.
| throw new errors.TypeError('ERR_INVALID_CHAR', 'header content', name); | ||
| err = new errors.TypeError('ERR_INVALID_CHAR', 'header content', name); | ||
| } | ||
| if (err) { |
There was a problem hiding this comment.
Since this is an object, can we do a strict comparison to undefined? (This function is kind of in a hot path.)
| } else if (value === undefined || value === null) { | ||
| err = new errors.TypeError('ERR_HTTP_INVALID_HEADER_VALUE', value, name); | ||
| } | ||
| if (err) { |
There was a problem hiding this comment.
Same as for http, could we compare to undefined to avoid the whole document.all perf issue? (This is in a hot path.)
| @@ -818,9 +818,11 @@ HTTP/1 connection specific headers are forbidden to be used in HTTP/2 | |||
| requests and responses. | |||
|
|
|||
| <a id="ERR_HTTP2_INVALID_HEADER_VALUE"></a> | |||
| ### ERR_HTTP2_INVALID_HEADER_VALUE | |||
| ### ERR_HTTP_INVALID_HEADER_VALUE | |||
There was a problem hiding this comment.
Actually it's accidentally changed..we need to keep the documentation for ERR_HTTP2_INVALID_HEADER_VALUE because it's out there already.
There was a problem hiding this comment.
If the codebase doesn't raise an error with this code though, should it be removed? 😬
|
|
||
| Used to indicate that an invalid HTTP/2 header value has been specified. | ||
| Used to indicate that an invalid HTTP header value has been specified. |
There was a problem hiding this comment.
Should we explicitly say HTTP/1.1 and HTTP/2?
|
Is this semver-major? It doesn't modify error codes except for http2 which is experimental. (And I'm not even 100% confident the error code for h2 should change, see above.) |
|
@apapirovski Hmmm, actually I don't know what's our policy for "changing error code but it's an error in the experimental module".. |
|
@apapirovski Ah, wait, it also modifies the HTTP error codes ( |
|
@joyeecheung They already changed roughly a million times during v8.x... that ship might've sailed. 😆
Ah true. Wonder if we could split into two separate PRs/commits so most of this could land right away? |
Yeah that seems like a better idea. I will close this one and open another two. |
Fixes: #16714
This PR:
ERR_HTTP2_INVALID_HEADER_VALUEwithERR_HTTP_INVALID_HEADER_VALUE, don't really see a need to differentiate the two.ERR_HTTP2_INVALID_HEADER_VALUEis kept.Value must not be undefined or null(HTTP2) orThe "value" argument must be specified(HTTP), after it'sInvalid value "undefined" for header "test". If the user is setting the header in a loop this would be much more useful.Error.captureStackTraceto exclude the validation functions from the stack traceChecklist
make -j4 test(UNIX), orvcbuild test(Windows) passesAffected core subsystem(s)
http, http2