OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2026-01-15 12:15:26 +00:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

http: llhttp opt-in insecure HTTP header parsing

Browse Source 
Allow insecure HTTP header parsing. Make clear it is insecure.

See:
- https://github.com/nodejs/node/pull/30553
- https://github.com/nodejs/node/issues/27711#issuecomment-556265881
- https://github.com/nodejs/node/issues/30515

PR-URL: https://github.com/nodejs/node/pull/30567
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Denys Otrishko <shishugi@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit is contained in:
Sam Roberts
2019-11-20 11:48:58 -08:00
parent d7b8ae72d9
commit 02a0c74861
8 changed files with 47 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/_http_common.js
View File

@@ -28,6 +28,8 @@ const {
const { setImmediate } = require('timers');
const { methods, HTTPParser } = internalBinding('http_parser');
const { getOptionValue } = require('internal/options');
const insecureHTTPParser = getOptionValue('--insecure-http-parser');
const FreeList = require('internal/freelist');
const incoming = require('_http_incoming');
@@ -237,6 +239,16 @@ function prepareError(err, parser, rawPacket) {
err.message = `Parse Error: ${err.reason}`;
}
let warnedLenient = false;
function isLenient() {
if (insecureHTTPParser && !warnedLenient) {
warnedLenient = true;
process.emitWarning('Using insecure HTTP parsing');
}
return insecureHTTPParser;
}
module.exports = {
_checkInvalidHeaderChar: checkInvalidHeaderChar,
_checkIsHttpToken: checkIsHttpToken,
@@ -249,5 +261,6 @@ module.exports = {
parsers,
kIncomingMessage,
HTTPParser,
isLenient,
prepareError,
};