nodejs/test/parallel/test-http-header-overflow.js

// Flags: --expose-internals

'use strict';
const { expectsError, mustCall } = require('../common');
const assert = require('assert');
const { createServer, maxHeaderSize } = require('http');
const { createConnection } = require('net');

const { getOptionValue } = require('internal/options');

const CRLF = '\r\n';
const DUMMY_HEADER_NAME = 'Cookie: ';
const DUMMY_HEADER_VALUE = 'a'.repeat(
  // Plus one is to make it 1 byte too big
  maxHeaderSize - DUMMY_HEADER_NAME.length - (2 * CRLF.length) + 1
);
const PAYLOAD_GET = 'GET /blah HTTP/1.1';
const PAYLOAD = PAYLOAD_GET + CRLF +
  DUMMY_HEADER_NAME + DUMMY_HEADER_VALUE + CRLF.repeat(2);

const server = createServer();

server.on('connection', mustCall((socket) => {
  // Legacy parser gives sligthly different response.
  // This discripancy is not fixed on purpose.
  const legacy = getOptionValue('--http-parser') === 'legacy';
  socket.on('error', expectsError({
    type: Error,
    message: 'Parse Error: Header overflow',
    code: 'HPE_HEADER_OVERFLOW',
    bytesParsed: maxHeaderSize + PAYLOAD_GET.length - (legacy ? -1 : 0),
    rawPacket: Buffer.from(PAYLOAD)
  }));
}));

server.listen(0, mustCall(() => {
  const c = createConnection(server.address().port);
  let received = '';

  c.on('connect', mustCall(() => {
    c.write(PAYLOAD);
  }));
  c.on('data', mustCall((data) => {
    received += data.toString();
  }));
  c.on('end', mustCall(() => {
    assert.strictEqual(
      received,
      'HTTP/1.1 431 Request Header Fields Too Large\r\n' +
      'Connection: close\r\n\r\n'
    );
    c.end();
  }));
  c.on('close', mustCall(() => server.close()));
}));
http: do not emit end after aborted IncomingMessage will no longer emit end after aborted. PR-URL: https://github.com/nodejs/node/pull/27984 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 2019-05-30 20:24:12 +02:00			`// Flags: --expose-internals`

http: return HTTP 431 on HPE_HEADER_OVERFLOW error Instead of returning a generic 400 response when the max header size is reached, return a 431 Request Header Fields Too Large. This is a semver-major because it changes the HTTP status code for requests that trigger the header overflow error. PR-URL: https://github.com/nodejs/node/pull/25605 Fixes: https://github.com/nodejs/node/issues/25528 Refs: https://tools.ietf.org/html/rfc6585#section-5 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 2019-01-21 17:47:32 +11:00			`'use strict';`
tools: force common be required before any other modules PR-URL: https://github.com/nodejs/node/pull/27650 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> 2019-05-12 15:11:13 +08:00			`const { expectsError, mustCall } = require('../common');`
http: return HTTP 431 on HPE_HEADER_OVERFLOW error Instead of returning a generic 400 response when the max header size is reached, return a 431 Request Header Fields Too Large. This is a semver-major because it changes the HTTP status code for requests that trigger the header overflow error. PR-URL: https://github.com/nodejs/node/pull/25605 Fixes: https://github.com/nodejs/node/issues/25528 Refs: https://tools.ietf.org/html/rfc6585#section-5 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 2019-01-21 17:47:32 +11:00			`const assert = require('assert');`
			`const { createServer, maxHeaderSize } = require('http');`
			`const { createConnection } = require('net');`

http: do not emit end after aborted IncomingMessage will no longer emit end after aborted. PR-URL: https://github.com/nodejs/node/pull/27984 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 2019-05-30 20:24:12 +02:00			`const { getOptionValue } = require('internal/options');`

http: return HTTP 431 on HPE_HEADER_OVERFLOW error Instead of returning a generic 400 response when the max header size is reached, return a 431 Request Header Fields Too Large. This is a semver-major because it changes the HTTP status code for requests that trigger the header overflow error. PR-URL: https://github.com/nodejs/node/pull/25605 Fixes: https://github.com/nodejs/node/issues/25528 Refs: https://tools.ietf.org/html/rfc6585#section-5 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 2019-01-21 17:47:32 +11:00			`const CRLF = '\r\n';`
			`const DUMMY_HEADER_NAME = 'Cookie: ';`
			`const DUMMY_HEADER_VALUE = 'a'.repeat(`
benchmark,doc,lib,test: capitalize comments PR-URL: https://github.com/nodejs/node/pull/26483 Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> 2019-03-07 01:03:53 +01:00			`// Plus one is to make it 1 byte too big`
http: return HTTP 431 on HPE_HEADER_OVERFLOW error Instead of returning a generic 400 response when the max header size is reached, return a 431 Request Header Fields Too Large. This is a semver-major because it changes the HTTP status code for requests that trigger the header overflow error. PR-URL: https://github.com/nodejs/node/pull/25605 Fixes: https://github.com/nodejs/node/issues/25528 Refs: https://tools.ietf.org/html/rfc6585#section-5 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 2019-01-21 17:47:32 +11:00			`maxHeaderSize - DUMMY_HEADER_NAME.length - (2 * CRLF.length) + 1`
			`);`
			`const PAYLOAD_GET = 'GET /blah HTTP/1.1';`
			`const PAYLOAD = PAYLOAD_GET + CRLF +`
			`DUMMY_HEADER_NAME + DUMMY_HEADER_VALUE + CRLF.repeat(2);`

			`const server = createServer();`

			`server.on('connection', mustCall((socket) => {`
http: do not emit end after aborted IncomingMessage will no longer emit end after aborted. PR-URL: https://github.com/nodejs/node/pull/27984 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 2019-05-30 20:24:12 +02:00			`// Legacy parser gives sligthly different response.`
			`// This discripancy is not fixed on purpose.`
			`const legacy = getOptionValue('--http-parser') === 'legacy';`
http: return HTTP 431 on HPE_HEADER_OVERFLOW error Instead of returning a generic 400 response when the max header size is reached, return a 431 Request Header Fields Too Large. This is a semver-major because it changes the HTTP status code for requests that trigger the header overflow error. PR-URL: https://github.com/nodejs/node/pull/25605 Fixes: https://github.com/nodejs/node/issues/25528 Refs: https://tools.ietf.org/html/rfc6585#section-5 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 2019-01-21 17:47:32 +11:00			`socket.on('error', expectsError({`
			`type: Error,`
http: improve parser error messages Include the library-provided reason in the Error’s `message`. Fixes: https://github.com/nodejs/node/issues/28468 PR-URL: https://github.com/nodejs/node/pull/28487 Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> 2019-07-01 00:34:55 +02:00			`message: 'Parse Error: Header overflow',`
http: return HTTP 431 on HPE_HEADER_OVERFLOW error Instead of returning a generic 400 response when the max header size is reached, return a 431 Request Header Fields Too Large. This is a semver-major because it changes the HTTP status code for requests that trigger the header overflow error. PR-URL: https://github.com/nodejs/node/pull/25605 Fixes: https://github.com/nodejs/node/issues/25528 Refs: https://tools.ietf.org/html/rfc6585#section-5 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 2019-01-21 17:47:32 +11:00			`code: 'HPE_HEADER_OVERFLOW',`
http: do not emit end after aborted IncomingMessage will no longer emit end after aborted. PR-URL: https://github.com/nodejs/node/pull/27984 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 2019-05-30 20:24:12 +02:00			`bytesParsed: maxHeaderSize + PAYLOAD_GET.length - (legacy ? -1 : 0),`
http: return HTTP 431 on HPE_HEADER_OVERFLOW error Instead of returning a generic 400 response when the max header size is reached, return a 431 Request Header Fields Too Large. This is a semver-major because it changes the HTTP status code for requests that trigger the header overflow error. PR-URL: https://github.com/nodejs/node/pull/25605 Fixes: https://github.com/nodejs/node/issues/25528 Refs: https://tools.ietf.org/html/rfc6585#section-5 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 2019-01-21 17:47:32 +11:00			`rawPacket: Buffer.from(PAYLOAD)`
			`}));`
			`}));`

			`server.listen(0, mustCall(() => {`
			`const c = createConnection(server.address().port);`
			`let received = '';`

			`c.on('connect', mustCall(() => {`
			`c.write(PAYLOAD);`
			`}));`
			`c.on('data', mustCall((data) => {`
			`received += data.toString();`
			`}));`
			`c.on('end', mustCall(() => {`
			`assert.strictEqual(`
			`received,`
http: send connection: close when closing conn HTTP/1.1 mandates connections which do not support keep-alive and close the connection send the connection: close header, see https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.10 This page also provides more information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Connection I understand that HTTP/1.1 defaults to keep-alive - and that the Connection: close header is required when closing a connection. This adds the Connection: close header in the 400 and 414 responses sent on client errors. PR-URL: https://github.com/nodejs/node/pull/26467 Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> 2019-03-06 12:07:47 +01:00			`'HTTP/1.1 431 Request Header Fields Too Large\r\n' +`
			`'Connection: close\r\n\r\n'`
http: return HTTP 431 on HPE_HEADER_OVERFLOW error Instead of returning a generic 400 response when the max header size is reached, return a 431 Request Header Fields Too Large. This is a semver-major because it changes the HTTP status code for requests that trigger the header overflow error. PR-URL: https://github.com/nodejs/node/pull/25605 Fixes: https://github.com/nodejs/node/issues/25528 Refs: https://tools.ietf.org/html/rfc6585#section-5 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 2019-01-21 17:47:32 +11:00			`);`
			`c.end();`
			`}));`
			`c.on('close', mustCall(() => server.close()));`
			`}));`