4cd8e1914a
This also notably changes error handling for request(). Previously some invalid header values (but not all) would cause the session to be unnecessarily destroyed automatically, e.g. passing an unparseable header name to request(). This is no longer the case: header validation failures will throw an error, but will not destroy the session or emit 'error' events. PR-URL: https://github.com/nodejs/node/pull/57917 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
86 lines
2.2 KiB
JavaScript
86 lines
2.2 KiB
JavaScript
'use strict';
|
|
const common = require('../common');
|
|
if (!common.hasCrypto)
|
|
common.skip('missing crypto');
|
|
const assert = require('assert');
|
|
const http2 = require('http2');
|
|
const { duplexPair } = require('stream');
|
|
|
|
{
|
|
const testData = '<h1>Hello World</h1>';
|
|
const server = http2.createServer();
|
|
server.on('stream', common.mustCall((stream, headers) => {
|
|
stream.respond({
|
|
'content-type': 'text/html',
|
|
':status': 200,
|
|
'cookie': 'donotindex',
|
|
'not-sensitive': 'foo',
|
|
'sensitive': 'bar',
|
|
// sensitiveHeaders entries are case-insensitive
|
|
[http2.sensitiveHeaders]: ['Sensitive']
|
|
});
|
|
stream.end(testData);
|
|
}));
|
|
|
|
const [ clientSide, serverSide ] = duplexPair();
|
|
server.emit('connection', serverSide);
|
|
|
|
const client = http2.connect('http://localhost:80', {
|
|
createConnection: common.mustCall(() => clientSide)
|
|
});
|
|
|
|
const req = client.request({ ':path': '/' });
|
|
|
|
req.on('response', common.mustCall((headers) => {
|
|
assert.strictEqual(headers[':status'], 200);
|
|
assert.strictEqual(headers.cookie, 'donotindex');
|
|
assert.deepStrictEqual(headers[http2.sensitiveHeaders],
|
|
['cookie', 'sensitive']);
|
|
}));
|
|
|
|
req.on('end', common.mustCall(() => {
|
|
clientSide.destroy();
|
|
clientSide.end();
|
|
}));
|
|
req.resume();
|
|
req.end();
|
|
}
|
|
|
|
{
|
|
const server = http2.createServer();
|
|
server.on('stream', common.mustCall((stream, headers) => {
|
|
assert.deepStrictEqual(
|
|
headers[http2.sensitiveHeaders],
|
|
['secret']
|
|
);
|
|
stream.respond({ ':status': 200 });
|
|
stream.end();
|
|
}));
|
|
|
|
const [ clientSide, serverSide ] = duplexPair();
|
|
server.emit('connection', serverSide);
|
|
|
|
const client = http2.connect('http://localhost:80', {
|
|
createConnection: common.mustCall(() => clientSide)
|
|
});
|
|
|
|
const rawHeaders = [
|
|
':path', '/',
|
|
'secret', 'secret-value',
|
|
];
|
|
rawHeaders[http2.sensitiveHeaders] = ['secret'];
|
|
|
|
const req = client.request(rawHeaders);
|
|
|
|
req.on('response', common.mustCall((headers) => {
|
|
assert.strictEqual(headers[':status'], 200);
|
|
}));
|
|
|
|
req.on('end', common.mustCall(() => {
|
|
clientSide.destroy();
|
|
clientSide.end();
|
|
}));
|
|
req.resume();
|
|
req.end();
|
|
}
|